@@ -5,7 +5,7 @@
name = network
version = 010
-release = 5
+release = 6
maintainer = Michael Tremer <michael.tremer@ipfire.org>
groups = Base Networking/Tools
@@ -24,9 +24,12 @@ source_dl = https://source.ipfire.org/releases/network/
build
requires
+ asciidoc
autoconf
automake
docbook-xsl
+ json-c-devel
+ libcap-devel
libnl3-devel
libxslt
systemd-devel
new file mode 100644
@@ -0,0 +1,26 @@
+From af91a344198a1f3c47dc18905870818a0758d427 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 21:55:51 +0100
+Subject: [PATCH 001/304] Bump version to 011
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ configure.ac | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index 9baab31..08e9089 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -21,7 +21,7 @@
+ AC_PREREQ([2.64])
+
+ AC_INIT([network],
+- [010],
++ [011],
+ [info@ipfire.org],
+ [network],
+ [http://www.ipfire.org/])
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,144 @@
+From b99bbd83b94d380bd07dcace8fb0e95b76b01e9f Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 23:13:22 +0200
+Subject: [PATCH 002/304] bridge: Check input and return useful errors
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/bridge | 80 +++++++++++++++++++++++++++++++++---------
+ 1 file changed, 63 insertions(+), 17 deletions(-)
+
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index 38b2b5f..838a513 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -23,13 +23,12 @@
+
+ HOOK_MANPAGE="network-zone-bridge"
+
+-HOOK_SETTINGS="HOOK STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE"
+-HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MAC MTU"
++HOOK_SETTINGS="HOOK ADDRESS STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE"
++HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MTU"
+
+ HOOK_PORT_SETTINGS="COST PRIORITY"
+
+ # Default values
+-MAC=""
+ MTU=1500
+ STP="on"
+ STP_FORWARD_DELAY=0
+@@ -38,7 +37,9 @@ STP_MAXAGE=20
+ STP_PRIORITY=512
+
+ hook_check_settings() {
+- assert ismac MAC
++ assert ismac ADDRESS
++
++ # Spanning Tree Protocol
+ assert isbool STP
+ assert isinteger STP_HELLO
+ assert isinteger STP_FORWARD_DELAY
+@@ -49,33 +50,78 @@ hook_check_settings() {
+ hook_parse_cmdline() {
+ while [ $# -gt 0 ]; do
+ case "${1}" in
++ --address=*)
++ ADDRESS="$(cli_get_val "${1}")"
++
++ if ! mac_is_valid "${ADDRESS}"; then
++ error "Invalid MAC address: ${ADDRESS}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
++
++ --mtu=*)
++ MTU="$(cli_get_val "${1}")"
++
++ if ! mtu_is_valid "ethernet" "${MTU}"; then
++ error "Invalid MTU: ${MTU}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
++
+ --stp=*)
+- STP=${1#--stp=}
++ STP="$(cli_get_val "${1}")"
++
++ if enabled STP; then
++ STP="on"
++ elif disabled STP; then
++ STP="off"
++ else
++ error "Invalid value for STP: ${STP}"
++ return ${EXIT_ERROR}
++ fi
+ ;;
++
+ --stp-hello=*)
+- STP_HELLO=${1#--stp-hello=}
++ STP_HELLO="$(cli_get_val "${1}")"
++
++ if ! isinteger STP_HELLO; then
++ error "Invalid STP hello time: ${STP_HELLO}"
++ return ${EXIT_ERROR}
++ fi
+ ;;
++
+ --stp-forward-delay=*)
+- STP_FORWARD_DELAY=${1#--stp-forward-delay=}
++ STP_FORWARD_DELAY="$(cli_get_val "${1}")"
++
++ if ! isinteger STP_FORWARD_DELAY; then
++ error "Invalid STP forwarding delay: ${STP_FORWARD_DELAY}"
++ return ${EXIT_ERROR}
++ fi
+ ;;
++
+ --stp-priority=*)
+- STP_PRIORITY=${1#--stp-priority=}
+- ;;
+- --mtu=*)
+- MTU=${1#--mtu=}
+- ;;
+- --mac=*)
+- MAC=${1#--mac=}
++ STP_PRIORITY="$(cli_get_val "${1}")"
++
++ if ! isinteger STP_PRIORITY; then
++ error "Invalid STP priority: ${STP_PRIORITY}"
++ return ${EXIT_ERROR}
++ fi
+ ;;
++
+ *)
+- warning "Ignoring unknown option '${1}'"
++ error "Unknown argument: ${1}"
++ return ${EXIT_ERROR}
+ ;;
+ esac
+ shift
+ done
+
+ # Generate a random MAC address if the user passed no one
+- isset MAC || MAC="$(mac_generate)"
++ if isset ADDRESS; then
++ ADDRESS="$(mac_generate)"
++ fi
++
++ return ${EXIT_OK}
+ }
+
+ hook_up() {
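Review bot: The fallback at the end of hook_parse_cmdline is inverted: `if isset ADDRESS; then ADDRESS="$(mac_generate)"` replaces an address the user passed and validated with a random one, and leaves ADDRESS empty when none was given. Both the comment above it and the removed `isset MAC || MAC="$(mac_generate)"` line say the opposite, so it should read `if ! isset ADDRESS; then`. Patch 005 later in this series flips the condition, but this commit on its own silently ignores the configured address, which matters when bisecting or cherry-picking it.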
+@@ -87,7 +133,7 @@ hook_up() {
+ # Create the bridge if it does not already exist.
+ if ! device_exists "${zone}"; then
+ bridge_create "${zone}" \
+- --address="${MAC}" \
++ --address="${ADDRESS}" \
+ --mtu="${MTU}"
+ fi
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,32 @@
+From d95e2fdc65aeeca72ef326102f26727199b27b95 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 23:15:26 +0200
+Subject: [PATCH 003/304] bridge: Fix assertion for MTU
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/bridge | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index 838a513..d610814 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -38,13 +38,13 @@ STP_PRIORITY=512
+
+ hook_check_settings() {
+ assert ismac ADDRESS
++ assert isset MTU && assert mtu_is_valid "ethernet" "${MTU}"
+
+ # Spanning Tree Protocol
+ assert isbool STP
+ assert isinteger STP_HELLO
+ assert isinteger STP_FORWARD_DELAY
+ assert isinteger STP_PRIORITY
+- assert isinteger MTU
+ }
+
+ hook_parse_cmdline() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,127 @@
+From 1fc4b3cac15c709b3a6f4a3171265a5cff793f47 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 23:17:30 +0200
+Subject: [PATCH 004/304] bridge: Reorder functions into the common order
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/bridge | 96 +++++++++++++++++++++---------------------
+ 1 file changed, 49 insertions(+), 47 deletions(-)
+
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index d610814..fb81673 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -172,53 +172,6 @@ hook_up() {
+ exit ${EXIT_OK}
+ }
+
+-hook_hotplug() {
+- local zone="${1}"
+- assert isset zone
+-
+- case "$(hotplug_action)" in
+- add)
+- # Attach all ports when zone is coming up
+- if hotplug_event_interface_is_zone "${zone}"; then
+- # Bring up all ports
+- local port
+- for port in $(zone_get_ports "${zone}"); do
+- log DEBUG "Trying to attach port ${port} to ${zone}"
+-
+- hook_port_up "${zone}" "${port}"
+- done
+-
+- # Handle ports of this zone that have just been added
+- elif hotplug_event_interface_is_port_of_zone "${zone}"; then
+- # Attach the device if the parent bridge is up
+- if zone_is_active "${zone}"; then
+- hook_port_up "${zone}" "${INTERFACE}"
+- fi
+- fi
+- ;;
+- remove)
+- if hotplug_event_interface_is_zone "${zone}"; then
+- # Bring down/destroy all ports
+- local port
+- for port in $(zone_get_ports "${zone}"); do
+- log DEBUG "Trying to detach port ${port} from ${zone}"
+-
+- hook_port_down "${zone}" "${port}"
+- done
+-
+- # Handle ports of this zone that have just been removed
+- elif hotplug_event_interface_is_port_of_zone "${zone}"; then
+- hook_port_down "${zone}" "${INTERFACE}"
+- fi
+- ;;
+- *)
+- exit ${EXIT_NOT_HANDLED}
+- ;;
+- esac
+-
+- exit ${EXIT_OK}
+-}
+-
+ hook_down() {
+ local zone="${1}"
+ assert isset zone
+@@ -294,6 +247,55 @@ hook_status() {
+ exit ${EXIT_OK}
+ }
+
++hook_hotplug() {
++ local zone="${1}"
++ assert isset zone
++
++ case "$(hotplug_action)" in
++ add)
++ # Attach all ports when zone is coming up
++ if hotplug_event_interface_is_zone "${zone}"; then
++ # Bring up all ports
++ local port
++ for port in $(zone_get_ports "${zone}"); do
++ log DEBUG "Trying to attach port ${port} to ${zone}"
++
++ hook_port_up "${zone}" "${port}"
++ done
++
++ # Handle ports of this zone that have just been added
++ elif hotplug_event_interface_is_port_of_zone "${zone}"; then
++ # Attach the device if the parent bridge is up
++ if zone_is_active "${zone}"; then
++ hook_port_up "${zone}" "${INTERFACE}"
++ fi
++ fi
++ ;;
++
++ remove)
++ if hotplug_event_interface_is_zone "${zone}"; then
++ # Bring down/destroy all ports
++ local port
++ for port in $(zone_get_ports "${zone}"); do
++ log DEBUG "Trying to detach port ${port} from ${zone}"
++
++ hook_port_down "${zone}" "${port}"
++ done
++
++ # Handle ports of this zone that have just been removed
++ elif hotplug_event_interface_is_port_of_zone "${zone}"; then
++ hook_port_down "${zone}" "${INTERFACE}"
++ fi
++ ;;
++
++ *)
++ exit ${EXIT_NOT_HANDLED}
++ ;;
++ esac
++
++ exit ${EXIT_OK}
++}
++
+ hook_check_port_settings() {
+ if isset COST; then
+ assert isinteger COST
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,78 @@
+From c259c985bc98ad89350f81b68db58925163a43eb Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 23:29:25 +0200
+Subject: [PATCH 005/304] bridge: Set proper defaults
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hook | 12 ++++++++++++
+ src/hooks/zones/bridge | 20 +++++++++++++-------
+ 2 files changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/src/functions/functions.hook b/src/functions/functions.hook
+index ad51ad5..2f3ced0 100644
+--- a/src/functions/functions.hook
++++ b/src/functions/functions.hook
+@@ -124,6 +124,18 @@ hook_help() {
+ exit $?
+ }
+
++# Sets all settings in HOOK_SETTINGS to their DEFAULT_* values
++hook_set_defaults() {
++ local setting
++ for setting in ${HOOK_SETTINGS}; do
++ local default="DEFAULT_${setting}"
++
++ if isset ${default}; then
++ assign "${setting}" "${!default}"
++ fi
++ done
++}
++
+ config_get_hook() {
+ local config=${1}
+
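Review bot: hook_set_defaults assigns every DEFAULT_* value without checking whether the setting already holds something. The bridge hook in this same patch calls it after the option loop in hook_parse_cmdline, so a validated `--stp-hello=`, `--stp-max-age=` or `--stp-priority=` would be replaced by the default again. Guard the assignment, e.g. `if isset ${default} && ! isset ${setting}; then`, or call the helper before the options are parsed. The header comment should also say which of the two behaviours is intended, for example `# Fills in DEFAULT_* for every setting in HOOK_SETTINGS that has no value yet`.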
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index fb81673..1144ba0 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -29,12 +29,10 @@ HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MTU"
+ HOOK_PORT_SETTINGS="COST PRIORITY"
+
+ # Default values
+-MTU=1500
+-STP="on"
+-STP_FORWARD_DELAY=0
+-STP_HELLO=2
+-STP_MAXAGE=20
+-STP_PRIORITY=512
++DEFAULT_STP_FORWARD_DELAY=0
++DEFAULT_STP_HELLO=2
++DEFAULT_STP_MAXAGE=20
++DEFAULT_STP_PRIORITY=512
+
+ hook_check_settings() {
+ assert ismac ADDRESS
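Review bot: `MTU=1500` is removed here but no `DEFAULT_MTU` is added, and unlike STP nothing in this patch sets MTU when `--mtu=` is not passed. hook_check_settings (patch 003) asserts `isset MTU`, and hook_up passes `--mtu="${MTU}"` to bridge_create, so a bridge created without an explicit MTU would fail the assertion or be created with an empty value, unless MTU is set somewhere outside the visible lines. Add `DEFAULT_MTU=1500` next to the other defaults.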
+@@ -117,10 +115,18 @@ hook_parse_cmdline() {
+ done
+
+ # Generate a random MAC address if the user passed no one
+- if isset ADDRESS; then
++ if ! isset ADDRESS; then
+ ADDRESS="$(mac_generate)"
+ fi
+
++ # Enable Spanning Tree Protocol by default
++ if ! isset STP; then
++ STP="on"
++ fi
++
++ # Set all other defaults
++ hook_set_defaults
++
+ return ${EXIT_OK}
+ }
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,46 @@
+From b76b7d88a5fc7271e9a16d4acb531cdfe45f3957 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 23:31:43 +0200
+Subject: [PATCH 006/304] bridge: Order arguments in alphabetical order
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/bridge | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index 1144ba0..98aaef8 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -79,20 +79,20 @@ hook_parse_cmdline() {
+ fi
+ ;;
+
+- --stp-hello=*)
+- STP_HELLO="$(cli_get_val "${1}")"
++ --stp-forward-delay=*)
++ STP_FORWARD_DELAY="$(cli_get_val "${1}")"
+
+- if ! isinteger STP_HELLO; then
+- error "Invalid STP hello time: ${STP_HELLO}"
++ if ! isinteger STP_FORWARD_DELAY; then
++ error "Invalid STP forwarding delay: ${STP_FORWARD_DELAY}"
+ return ${EXIT_ERROR}
+ fi
+ ;;
+
+- --stp-forward-delay=*)
+- STP_FORWARD_DELAY="$(cli_get_val "${1}")"
++ --stp-hello=*)
++ STP_HELLO="$(cli_get_val "${1}")"
+
+- if ! isinteger STP_FORWARD_DELAY; then
+- error "Invalid STP forwarding delay: ${STP_FORWARD_DELAY}"
++ if ! isinteger STP_HELLO; then
++ error "Invalid STP hello time: ${STP_HELLO}"
+ return ${EXIT_ERROR}
+ fi
+ ;;
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,33 @@
+From 0f8d47058e6dedc5f20caf367a5296647ec950d1 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Sep 2018 23:32:40 +0200
+Subject: [PATCH 007/304] bridge: Add option to missing --stp-max-age=
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/bridge | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index 98aaef8..93a3a31 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -97,6 +97,15 @@ hook_parse_cmdline() {
+ fi
+ ;;
+
++ --stp-max-age=*)
++ STP_MAXAGE="$(cli_get_val "${1}")"
++
++ if ! isinteger STP_MAXAGE; then
++ error "Invalid STP max age: ${STP_MAXAGE}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
++
+ --stp-priority=*)
+ STP_PRIORITY="$(cli_get_val "${1}")"
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,29 @@
+From 5b29153cd4527392d6ca4bf8d3cba491db8d490e Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 1 Oct 2018 00:07:37 +0200
+Subject: [PATCH 008/304] Remove unused function
+
+Fixes: #11423
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.zone | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/functions/functions.zone b/src/functions/functions.zone
+index b9d475f..57e0b71 100644
+--- a/src/functions/functions.zone
++++ b/src/functions/functions.zone
+@@ -619,10 +619,6 @@ zone_config_list() {
+ done
+ }
+
+-zone_config_show() {
+- zone_config_cmd "show" "$@"
+-}
+-
+ # Returns a list of all used ids for a zone
+ zone_config_list_ids() {
+ assert [ $# -eq 1 ]
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,33 @@
+From 7b9557028a381206c573e42a7f5294d20aa0609b Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 1 Oct 2018 01:02:27 +0200
+Subject: [PATCH 009/304] bonding; Validate any MAC address passed
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/bonding | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/hooks/ports/bonding b/src/hooks/ports/bonding
+index 2880a78..40d849f 100644
+--- a/src/hooks/ports/bonding
++++ b/src/hooks/ports/bonding
+@@ -39,8 +39,14 @@ hook_parse_cmdline() {
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --address=*)
+- ADDRESS=$(cli_get_val "${1}")
++ ADDRESS="$(cli_get_val "${1}")"
++
++ if ! mac_is_valid "${ADDRESS}"; then
++ error "Invalid MAC address: ${ADDRESS}"
++ return ${EXIT_ERROR}
++ fi
+ ;;
++
+ --miimon=*)
+ MIIMON=$(cli_get_val "${1}")
+ ;;
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,34 @@
+From ae2c5b2b954bfc5282f0ef359d0960a2cd610e14 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Dec 2018 13:38:13 +0100
+Subject: [PATCH 010/304] ip-tunnel: Set TTL to 255 by default
+
+By default, the Linux kernel inherits the TTL of the transported
+packet. Usually with BGP, the TTL is deliberately set to 1 or very
+low numbers which causes the packet to be dropped after the first
+hop.
+
+Since the tunnel should be routed, we set this to a default value
+of 255 and ignore the TTL of the encapsulated packet.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.ip-tunnel | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.ip-tunnel b/src/functions/functions.ip-tunnel
+index 1184a84..11eb3c7 100644
+--- a/src/functions/functions.ip-tunnel
++++ b/src/functions/functions.ip-tunnel
+@@ -77,7 +77,7 @@ ip_tunnel_add() {
+ shift
+
+ local mode
+- local ttl
++ local ttl=255
+
+ local address
+ local remote_address
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,107 @@
+From 6a1b0fb170c7d66559935a6a4f8ee0e2bfdbf485 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 16 Dec 2018 17:10:47 +0000
+Subject: [PATCH 011/304] bird: Add some generic configuration file
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 +
+ src/functions/functions.bird | 74 ++++++++++++++++++++++++++++++++++++
+ 2 files changed, 75 insertions(+)
+ create mode 100644 src/functions/functions.bird
+
+diff --git a/Makefile.am b/Makefile.am
+index 399652e..0139f95 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -127,6 +127,7 @@ EXTRA_DIST += \
+ dist_network_DATA = \
+ src/functions/functions.at \
+ src/functions/functions.auth \
++ src/functions/functions.bird \
+ src/functions/functions.bonding \
+ src/functions/functions.bridge \
+ src/functions/functions.cli \
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+new file mode 100644
+index 0000000..9c8b006
+--- /dev/null
++++ b/src/functions/functions.bird
+@@ -0,0 +1,74 @@
++#!/bin/bash
++###############################################################################
++# #
++# IPFire.org - A linux based firewall #
++# Copyright (C) 2018 IPFire Network Development Team #
++# #
++# This program is free software: you can redistribute it and/or modify #
++# it under the terms of the GNU General Public License as published by #
++# the Free Software Foundation, either version 3 of the License, or #
++# (at your option) any later version. #
++# #
++# This program is distributed in the hope that it will be useful, #
++# but WITHOUT ANY WARRANTY; without even the implied warranty of #
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
++# GNU General Public License for more details. #
++# #
++# You should have received a copy of the GNU General Public License #
++# along with this program. If not, see <http://www.gnu.org/licenses/>. #
++# #
++###############################################################################
++
++BIRD_CONF="/etc/bird.conf"
++
++bird_start() {
++ service_start "bird.service"
++}
++
++bird_stop() {
++ service_stop "bird.service"
++}
++
++bird_reload() {
++ service_reload "bird.service"
++}
++
++bird_generate_config() {
++ log DEBUG "Write BIRD configuration file"
++
++ # Write header
++ config_header "bird" > ${BIRD_CONF}
++
++ # Write some basic settings
++ local proto
++ (
++ print "# Log everything to syslog"
++ print "log syslog all;"
++ print
++
++ print "# Turn on internal watchdog"
++ print "watchdog warning 5s;"
++ print "watchdog timeout 30s;"
++ print
++
++ print "# Define default route tables"
++ print "ipv6 table master6;"
++ print "ipv4 table master4;"
++
++ print "# Enable device configuration"
++ print "protocol device {}"
++ print
++
++ print "# Export all routes to kernel"
++ for proto in ipv6 ipv4; do
++ print "protocol kernel {"
++ print " ${proto} {"
++ print " table ${proto/ipv/master};"
++ print " export all;"
++ print " };"
++ print " learn;"
++ print "}"
++ print
++ done
++ ) >> ${BIRD_CONF}
++}
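Review bot: bird_generate_config rewrites the live file in place: `config_header "bird" > ${BIRD_CONF}` truncates /etc/bird.conf and the subshell then appends to it. A failure part-way through, or a reload that happens in between, leaves BIRD with a partial configuration. Build the file under a temporary name in the same directory and rename it over the target at the end, e.g. `mv -f "${tmp}" "${BIRD_CONF}"`, and quote the path in the redirections. The function also overwrites whatever an administrator had in /etc/bird.conf, so a comment stating that the file is generated and owned by network would help. A `print` is missing after `ipv4 table master4;`, which only affects the layout of the output.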
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,146 @@
+From 0a5787976dd85db212fc5046c85d2aad6c64da5c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 16 Dec 2018 17:47:57 +0000
+Subject: [PATCH 012/304] bird: Apply static routes instead of doing that
+ manually with ip
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.bird | 52 ++++++++++++++++++++++++++++++++-
+ src/functions/functions.route | 38 +++---------------------
+ src/functions/functions.routing | 3 --
+ 3 files changed, 55 insertions(+), 38 deletions(-)
+
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+index 9c8b006..c6fea32 100644
+--- a/src/functions/functions.bird
++++ b/src/functions/functions.bird
+@@ -60,7 +60,7 @@ bird_generate_config() {
+ print
+
+ print "# Export all routes to kernel"
+- for proto in ipv6 ipv4; do
++ for proto in ${IP_SUPPORTED_PROTOCOLS}; do
+ print "protocol kernel {"
+ print " ${proto} {"
+ print " table ${proto/ipv/master};"
+@@ -71,4 +71,54 @@ bird_generate_config() {
+ print
+ done
+ ) >> ${BIRD_CONF}
++
++ # Static routes
++ for proto in ${IP_SUPPORTED_PROTOCOLS}; do
++ print "protocol static {"
++ print " ${proto};"
++ print
++
++ # Read routes for this protocol from configuration
++ __bird_static_routes "${proto}"
++
++ print "}"
++ print
++ done >> ${BIRD_CONF}
++}
++
++__bird_static_routes() {
++ local proto="${1}"
++ assert isset proto
++
++ local ${NETWORK_CONFIG_ROUTES_PARAMS}
++ local line
++ while read line; do
++ route_parse_line "${line}"
++ [ $? -eq ${EXIT_OK} ] || continue
++
++ local type
++ local arg
++ for arg in unreachable prohibit blackhole; do
++ if enabled "${arg}"; then
++ type="${arg}"
++ break
++ fi
++ done
++
++ # Skip all routes of another protocol
++ local _proto="$(ip_detect_protocol "${network}")"
++ if [ "${proto}" != "${_proto}" ]; then
++ continue
++ fi
++
++ case "${type}" in
++ unreachable|prohibit|blackhole)
++ print " route ${network} ${type};"
++ ;;
++
++ *)
++ print " route ${network} via ${gateway};"
++ ;;
++ esac
++ done < ${NETWORK_CONFIG_ROUTES}
+ }
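Review bot: `local type` inside the `while` loop of __bird_static_routes does not reset the variable, because bash keeps a local's value when it is declared again without an assignment. Once one line sets `type` to blackhole, prohibit or unreachable, every later gateway route is written with that type too. The loop removed from route_apply set `type="unicast"` on each iteration, so use `local type=""` here. The default branch also prints `route ${network} via ${gateway};` without checking that `gateway` is set, which would put an invalid line into the file; skip and log such entries instead.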
+diff --git a/src/functions/functions.route b/src/functions/functions.route
+index 7ca4f59..e6ea244 100644
+--- a/src/functions/functions.route
++++ b/src/functions/functions.route
+@@ -393,41 +393,11 @@ route_parse_line() {
+ }
+
+ route_apply() {
+- local table="static"
+- local type
++ # Re-generate BIRD configuration
++ bird_generate_config
+
+- log DEBUG "Applying static routes..."
+-
+- # Flush the routing table.
+- route_table_flush ${table}
+-
+- local ${NETWORK_CONFIG_ROUTES_PARAMS}
+- local line
+- while read line; do
+- route_parse_line ${line}
+- [ $? -eq ${EXIT_OK} ] || continue
+-
+- type="unicast"
+- local arg
+- for arg in unreachable prohibit blackhole; do
+- if enabled ${arg}; then
+- type="${arg}"
+- break
+- fi
+- done
+-
+- # Add the route.
+- route_entry_add ${network} --table="static" --proto="static" \
+- --type="${type}" --gateway="${gateway}" --mtu="${mtu}"
+- local ret=$?
+-
+- if [ ${ret} -ne ${EXIT_OK} ]; then
+- log WARNING "Could not set route '${network}'."
+- fi
+- done < ${NETWORK_CONFIG_ROUTES}
+-
+- # Create a lookup rule for the static routing table.
+- route_rule_add --lookup="static" --priority=1000
++ # Reload the daemon
++ bird_reload
+ }
+
+ route_entry_add() {
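Review bot: route_apply now calls `bird_generate_config` and `bird_reload` back to back without looking at either result, so a failed or partial write of the configuration is still followed by a reload. The per-route `log WARNING` from the old loop is gone too. Stop on the first failure, e.g. `bird_generate_config || return $?`, and log when `bird_reload` fails so a rejected configuration is visible to the operator. The removed code also passed `--mtu="${mtu}"` for each route; the generator in functions.bird does not emit it, so confirm that dropping route MTUs is intended.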
+diff --git a/src/functions/functions.routing b/src/functions/functions.routing
+index 2436585..c7aac09 100644
+--- a/src/functions/functions.routing
++++ b/src/functions/functions.routing
+@@ -181,7 +181,4 @@ routing_update() {
+ cmd ${routing_cmd}
+
+ cmd ${ip_cmd} rule add from ${local_ip_address} lookup ${table}
+-
+- # Apply all static routes
+- route_apply
+ }
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,28 @@
+From eb6b47dcc7d5d541064ad90787ae55df3c3a8453 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 16 Dec 2018 17:55:25 +0000
+Subject: [PATCH 013/304] bird: (Re-)generate configuration when network is
+ initialised
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/network | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/network b/src/network
+index 69d77d5..b8f734e 100644
+--- a/src/network
++++ b/src/network
+@@ -1410,6 +1410,9 @@ case "${action}" in
+ # Update resolv.conf(5) when initializing the network
+ dns_generate_resolvconf
+
++ # Update bird configuration
++ bird_generate_config
++
+ # Also execute all triggers
+ triggers_execute_all "init"
+ ;;
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,32 @@
+From c27b38b437fa82a2227d554f4855c116395995ce Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 13 Feb 2019 17:45:05 +0000
+Subject: [PATCH 014/304] dns: Always enable EDNS0
+
+This is for all DNS queries originating from the firewall.
+
+Since we have had DNS Flag Day, we are expecting all DNS servers
+to support this now. If not, then you are very unlucky.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.dns | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/functions/functions.dns b/src/functions/functions.dns
+index 4cd5cb4..890f1ac 100644
+--- a/src/functions/functions.dns
++++ b/src/functions/functions.dns
+@@ -245,6 +245,9 @@ dns_generate_resolvconf() {
+
+ config_header "resolver configutation file" > ${file}
+
++ # Always enable EDNS0
++ print "option edns0\n" >> "${file}"
++
+ if enabled DNS_RANDOMIZE; then
+ print "option rotate\n" >> ${file}
+ fi
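Review bot: The added line writes `option edns0`, but resolv.conf(5) spells the keyword `options`. As far as I know the glibc resolver ignores lines it does not recognise, so EDNS0 would not actually be switched on. It should be `print "options edns0\n" >> "${file}"`, and the context line `print "option rotate\n"` has the same spelling and probably needs the same fix. It is also worth confirming how `print` handles the `\n` escape, so the file does not end up with a literal backslash-n. dns_generate_resolvconf starts and ends outside this hunk.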
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,27 @@
+From 469bc87f91538d668a32f9c38a3d8b1b4679c7ae Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 18 Mar 2019 19:46:06 +0100
+Subject: [PATCH 015/304] wireless-ap: Use automatic channel selection (ACS) by
+ default
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/wireless-ap | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 32d1a5a..52ca238 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -28,7 +28,7 @@ HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY"
+
+ ADDRESS=$(mac_generate)
+ BROADCAST_SSID=on
+-CHANNEL=1
++CHANNEL=0
+ ENCRYPTION=""
+ KEY=""
+ SSID=
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,102 @@
+From 7b297fb22fb16db920d68224b232e5acc652688a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 18 Mar 2019 19:58:25 +0100
+Subject: [PATCH 016/304] wireless-ap: Allow to disable DFS in configuration
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 10 +++++++++-
+ src/helpers/hostapd-config-helper | 1 +
+ src/hooks/ports/wireless-ap | 16 ++++++++++++++++
+ 3 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 3f64e79..e19f9b3 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -36,6 +36,7 @@ hostapd_config_write() {
+ local broadcast_ssid
+ local channel
+ local country_code="$(wireless_get_reg_domain)"
++ local dfs="on"
+ local encryption
+ local key
+ local mode
+@@ -50,6 +51,9 @@ hostapd_config_write() {
+ --channel=*)
+ channel=$(cli_get_val "${1}")
+ ;;
++ --dfs=*)
++ dfs="$(cli_get_val "${1}")"
++ ;;
+ --encryption=*)
+ encryption=$(cli_get_val "${1}")
+ ;;
+@@ -177,7 +181,11 @@ hostapd_config_write() {
+ print "ieee80211d=1"
+
+ # Enable Radar Detection
+- print "ieee80211h=1"
++ if enabled dfs; then
++ print "ieee80211h=1"
++ else
++ print "ieee80211h=0"
++ fi
+
+ print # empty line
+
+diff --git a/src/helpers/hostapd-config-helper b/src/helpers/hostapd-config-helper
+index cb12af0..30d3456 100644
+--- a/src/helpers/hostapd-config-helper
++++ b/src/helpers/hostapd-config-helper
+@@ -40,6 +40,7 @@ case "${action}" in
+ hostapd_config_write ${port} ${config_file} \
+ --broadcast-ssid="${BROADCAST_SSID}" \
+ --channel="${CHANNEL}" \
++ --dfs="${DFS}" \
+ --encryption="${ENCRYPTION}" \
+ --key="${KEY}" \
+ --mode="${MODE}" \
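Review bot: Passing `--dfs="${DFS}"` unconditionally lets an empty DFS overwrite the `local dfs="on"` default in hostapd_config_write, after which `enabled dfs` takes the `ieee80211h=0` branch. DFS could be empty for a port configuration written before this setting existed, if the helper does not load the hook's default. That would turn radar detection off without anyone having asked for it. Either pass `--dfs="${DFS:-on}"` here or have the `--dfs=*)` case ignore an empty value. The hostapd_config_write call continues past the end of this hunk.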
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 52ca238..49c0a84 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -33,12 +33,16 @@ ENCRYPTION=""
+ KEY=""
+ SSID=
+
++# Perform radar detection by default when possible
++DFS="on"
++
+ hook_check_settings() {
+ assert isset ADDRESS
+ assert ismac ADDRESS
+ assert isset BROADCAST_SSID
+ assert isbool BROADCAST_SSID
+ assert isset CHANNEL
++ assert isbool DFS
+ assert isset MODE
+ assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
+ assert isset PHY
+@@ -63,6 +67,18 @@ hook_parse_cmdline() {
+ --channel=*)
+ CHANNEL=$(cli_get_val "${1}")
+ ;;
++ --dfs=*)
++ DFS="$(cli_get_val "${1}")"
++
++ if enabled DFS; then
++ DFS="on"
++ elif disabled DFS; then
++ DFS="off"
++ else
++ error "Invalid value for DFS: ${DFS}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
+ --encryption=*)
+ ENCRYPTION=$(cli_get_val "${1}")
+ ;;
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,99 @@
+From dc6d97fbf2064365f5b84496a77227b4e3ca03d6 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 18 Mar 2019 20:10:56 +0100
+Subject: [PATCH 017/304] hostapd: Disable DFS automatically when not supported
+ by hardware
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 2 +-
+ src/functions/functions.phy | 22 ++++++++++++++++++++++
+ src/functions/functions.wireless | 13 +++++++++++++
+ src/network | 7 +++++++
+ 4 files changed, 43 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index e19f9b3..b855994 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -181,7 +181,7 @@ hostapd_config_write() {
+ print "ieee80211d=1"
+
+ # Enable Radar Detection
+- if enabled dfs; then
++ if enabled dfs && wireless_supports_dfs "${device}"; then
+ print "ieee80211h=1"
+ else
+ print "ieee80211h=0"
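Review bot: When the operator asked for DFS but `wireless_supports_dfs` returns non-zero, the new condition falls through to `ieee80211h=0` without any message. That includes the EXIT_ERROR path where the PHY or driver could not be determined at all. A silently dropped radar-detection setting is hard to spot afterwards, so log it in the else branch when `enabled dfs` is true, e.g. `log WARNING "DFS requested but not supported by ${device}, disabling"`. The condition also relies on `device` being set earlier in hostapd_config_write, which is outside the visible lines.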
+diff --git a/src/functions/functions.phy b/src/functions/functions.phy
+index 96287a5..064ca7b 100644
+--- a/src/functions/functions.phy
++++ b/src/functions/functions.phy
+@@ -188,3 +188,25 @@ phy_supports_ht_capability() {
+
+ list_match "${capability}" $(__phy_list_ht_capabilities "${phy}")
+ }
++
++# Returns TRUE if the PHY supports DFS
++phy_supports_dfs() {
++ local phy="${1}"
++ assert isset phy
++
++ local driver="$(phy_get_driver "${phy}")"
++ if ! isset driver; then
++ return ${EXIT_ERROR}
++ fi
++
++ # This is basically a whilelist of drivers which support this
++ # There is no better detection
++ case "${driver}" in
++ ath10k_*|ath9k|ath5k)
++ return ${EXIT_TRUE}
++ ;;
++ *)
++ return ${EXIT_FALSE}
++ ;;
++ esac
++}
+diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
+index 3608e11..221866e 100644
+--- a/src/functions/functions.wireless
++++ b/src/functions/functions.wireless
+@@ -515,3 +515,16 @@ wireless_get_vht_caps() {
+
+ network-phy-list-vht-caps "${phy}"
+ }
++
++wireless_supports_dfs() {
++ local device="${1}"
++ assert isset device
++
++ local phy="$(device_get_phy "${device}")"
++ if ! isset phy; then
++ log ERROR "Could not determine PHY for ${device}"
++ return ${EXIT_ERROR}
++ fi
++
++ phy_supports_dfs "${phy}"
++}
+diff --git a/src/network b/src/network
+index b8f734e..de2e663 100644
+--- a/src/network
++++ b/src/network
+@@ -277,6 +277,13 @@ cli_device_status_phy() {
+ cli_space
+ fi
+
++ cli_headline 2 "Features"
++
++ cli_print_fmt1 2 "DFS" \
++ "$(phy_supports_dfs "${phy}" && print "Supported" ||Â print "Not Supported")"
++
++ cli_space
++
+ return ${EXIT_OK}
+ }
+
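Review bot: On the added `cli_print_fmt1` argument line, the `||` is followed by what appears to be a non-ASCII byte (shown here as `Â`, most likely a non-breaking space) before `print "Not Supported"`. If that byte is really in the patched file, bash takes it as part of the command name, so the fallback fails with command-not-found and the DFS field is empty for unsupported PHYs. Replace it with a plain space: `"$(phy_supports_dfs "${phy}" && print "Supported" || print "Not Supported")"`. cli_device_status_phy starts outside this hunk.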
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,87 @@
+From 54094fc7ae1bc17e8d8361f7758d9404f1eeff02 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 18 Mar 2019 20:50:44 +0100
+Subject: [PATCH 018/304] wireless-ap: Add CLI to set channel bandwidth
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.wireless | 20 ++++++++++++++++++++
+ src/hooks/ports/wireless-ap | 10 ++++++++++
+ 2 files changed, 30 insertions(+)
+
+diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
+index 221866e..0437d27 100644
+--- a/src/functions/functions.wireless
++++ b/src/functions/functions.wireless
+@@ -29,6 +29,14 @@ WIRELESS_DEFAULT_ENCRYPTION_MODE="NONE"
+ WIRELESS_VALID_ENCRYPTION_MODES="WPA2-PSK-SHA256 WPA2-PSK \
+ WPA-PSK-SHA256 WPA-PSK NONE"
+
++declare -A WIRELESS_CHANNEL_BANDWIDTHS=(
++ ["802.11ac"]="20 40 80 160 80+80"
++ ["802.11a/n"]="20 40"
++ ["802.11a"]="20 40"
++ ["802.11g/n"]="20 40"
++ ["802.11g"]="20 40"
++)
++
+ cli_wireless() {
+ local action=${1}
+ shift 1
+@@ -309,6 +317,18 @@ wireless_channel_is_valid() {
+ return ${EXIT_FALSE}
+ }
+
++wireless_channel_bandwidth_is_valid() {
++ local mode="${1}"
++ assert isset mode
++
++ local bandwidth="${2}"
++ assert isset bandwidth
++
++ local bandwidths="${WIRELESS_CHANNEL_BANDWIDTHS["${mode}"]}"
++
++ list_match "${bandwidth}" ${bandwidths}
++}
++
+ wireless_channel_is_ht40_plus() {
+ local channel="${1}"
+ assert isinteger channel
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 49c0a84..8b626bf 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -29,6 +29,7 @@ HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY"
+ ADDRESS=$(mac_generate)
+ BROADCAST_SSID=on
+ CHANNEL=0
++CHANNEL_BANDWIDTH=
+ ENCRYPTION=""
+ KEY=""
+ SSID=
+@@ -67,6 +68,9 @@ hook_parse_cmdline() {
+ --channel=*)
+ CHANNEL=$(cli_get_val "${1}")
+ ;;
++ --channel-bandwidth=*)
++ CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
++ ;;
+ --dfs=*)
+ DFS="$(cli_get_val "${1}")"
+
+@@ -121,6 +125,12 @@ hook_parse_cmdline() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Channel bandwidth must match the mode
++ if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
++ error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported"
++ return ${EXIT_ERROR}
++ fi
++
+ # Save address of phy do identify it again
+ PHY=$(phy_get ${PHY})
+ PHY=$(phy_get_address ${PHY})
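Review bot: CHANNEL_BANDWIDTH is only validated here in hook_parse_cmdline, and this patch does not touch hook_check_settings. A value that reaches the settings by another path, such as an edited configuration file, would therefore be handed on unchecked, assuming hook_check_settings is what validates loaded settings. Add the same test there, e.g. `if isset CHANNEL_BANDWIDTH; then assert wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; fi`. It is also worth a comment on WIRELESS_CHANNEL_BANDWIDTHS explaining why the plain 802.11a and 802.11g modes list 40 MHz. The enclosing function starts outside this hunk.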
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,29 @@
+From 40c95a6b261e8fdadca97f21ff7cd2a11af3bfb3 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 18 Mar 2019 21:21:37 +0100
+Subject: [PATCH 019/304] wireless-ap: Forgot to add configuration variables to
+ file
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/wireless-ap | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 8b626bf..5e00014 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -23,8 +23,8 @@
+
+ HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
+
+-HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL MODE PHY SSID"
+-HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY"
++HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
++HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY SSID"
+
+ ADDRESS=$(mac_generate)
+ BROADCAST_SSID=on
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,109 @@
+From f9e980d91e081613e5dcc7899c28fbdfc7a4c172 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 18 Mar 2019 21:24:02 +0100
+Subject: [PATCH 020/304] hostapd: Apply channel bandwidth to configuration
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 26 ++++++++++++++++++++++++++
+ src/helpers/hostapd-config-helper | 1 +
+ src/hooks/ports/wireless-ap | 2 +-
+ 3 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index b855994..57f8c1e 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -35,6 +35,7 @@ hostapd_config_write() {
+
+ local broadcast_ssid
+ local channel
++ local channel_bandwidth
+ local country_code="$(wireless_get_reg_domain)"
+ local dfs="on"
+ local encryption
+@@ -51,6 +52,9 @@ hostapd_config_write() {
+ --channel=*)
+ channel=$(cli_get_val "${1}")
+ ;;
++ --channel-bandwidth=*)
++ channel_bandwidth="$(cli_get_val "${1}")"
++ ;;
+ --dfs=*)
+ dfs="$(cli_get_val "${1}")"
+ ;;
+@@ -107,10 +111,17 @@ hostapd_config_write() {
+ assert isset key
+ fi
+
++ # Check channel bandwidth for validity
++ if isset channel_bandwidth && ! wireless_channel_bandwidth_is_valid "${mode}" "${channel_bandwidth}"; then
++ error "Invalid channel bandwidth for ${mode}: ${channel_bandwidth}"
++ return ${EXIT_ERROR}
++ fi
++
+ # 802.11ac/n flags
+ local ieee80211ac
+ local ieee80211n
+ local vht_caps
++ local vht_oper_chwidth="0"
+ local ht_caps
+
+ local hw_mode
+@@ -149,6 +160,18 @@ hostapd_config_write() {
+
+ # Fetch HT caps
+ ht_caps="$(wireless_get_ht_caps "${device}")"
++
++ case "${channel_bandwidth}" in
++ 80)
++ vht_oper_chwidth="1"
++ ;;
++ 160)
++ vht_oper_chwidth="2"
++ ;;
++ 80+80)
++ vht_oper_chwidth="3"
++ ;;
++ esac
+ ;;
+ esac
+
+@@ -221,6 +244,9 @@ hostapd_config_write() {
+ # Enable HT caps
+ print "ht_capab=${ht_caps}"
+
++ # Wider Channels
++ print "vht_oper_chwidth=${vht_oper_chwidth}"
++
+ print
+ ) >> ${file}
+
+diff --git a/src/helpers/hostapd-config-helper b/src/helpers/hostapd-config-helper
+index 30d3456..8af3097 100644
+--- a/src/helpers/hostapd-config-helper
++++ b/src/helpers/hostapd-config-helper
+@@ -40,6 +40,7 @@ case "${action}" in
+ hostapd_config_write ${port} ${config_file} \
+ --broadcast-ssid="${BROADCAST_SSID}" \
+ --channel="${CHANNEL}" \
++ --channel-bandwidth="${CHANNEL_BANDWIDTH}" \
+ --dfs="${DFS}" \
+ --encryption="${ENCRYPTION}" \
+ --key="${KEY}" \
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 5e00014..983f0f9 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -127,7 +127,7 @@ hook_parse_cmdline() {
+
+ # Channel bandwidth must match the mode
+ if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
+- error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported"
++ error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
+ return ${EXIT_ERROR}
+ fi
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,117 @@
+From 1b4aa2ca01c5d0bd45213187e6a58b4cc0f57547 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 21 Mar 2019 20:22:56 +0100
+Subject: [PATCH 021/304] wireless-ap: Enable ACS only for ath* devices
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 6 ++++++
+ src/functions/functions.phy | 22 ++++++++++++++++++++++
+ src/functions/functions.wireless | 13 +++++++++++++
+ src/hooks/ports/wireless-ap | 9 ++++++++-
+ 4 files changed, 49 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 57f8c1e..9024ab2 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -111,6 +111,12 @@ hostapd_config_write() {
+ assert isset key
+ fi
+
++ # With channel 0, ACS must be supported
++ if [ ${channel} -eq 0 ] && ! wireless_supports_acs "${device}"; then
++ error "ACS requested, but not supported by ${device}"
++ return ${EXIT_ERROR}
++ fi
++
+ # Check channel bandwidth for validity
+ if isset channel_bandwidth && ! wireless_channel_bandwidth_is_valid "${mode}" "${channel_bandwidth}"; then
+ error "Invalid channel bandwidth for ${mode}: ${channel_bandwidth}"
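Review bot: The ACS guard `[ ${channel} -eq 0 ]` expands `channel` unquoted and assumes it is an integer, so an empty or non-numeric value makes `[` fail with a syntax error and the check is skipped instead of the value being rejected. This same commit changes the hook default to an empty `CHANNEL=`, which makes the empty case reachable unless an earlier check in hostapd_config_write (it starts outside this hunk) already refuses it. I would validate and quote: `if ! isinteger channel; then error "Invalid channel: ${channel}"; return ${EXIT_ERROR}; fi`, then `if [ "${channel}" -eq 0 ] && ! wireless_supports_acs "${device}"; then`.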
+diff --git a/src/functions/functions.phy b/src/functions/functions.phy
+index 064ca7b..ee0f2a2 100644
+--- a/src/functions/functions.phy
++++ b/src/functions/functions.phy
+@@ -189,6 +189,28 @@ phy_supports_ht_capability() {
+ list_match "${capability}" $(__phy_list_ht_capabilities "${phy}")
+ }
+
++# Returns TRUE if the PHY supports ACS
++phy_supports_acs() {
++ local phy="${1}"
++ assert isset phy
++
++ local driver="$(phy_get_driver "${phy}")"
++ if ! isset driver; then
++ return ${EXIT_ERROR}
++ fi
++
++ # This is basically a whilelist of drivers which support this
++ # There is no better detection
++ case "${driver}" in
++ ath10k_*|ath9k|ath5k)
++ return ${EXIT_TRUE}
++ ;;
++ *)
++ return ${EXIT_FALSE}
++ ;;
++ esac
++}
++
+ # Returns TRUE if the PHY supports DFS
+ phy_supports_dfs() {
+ local phy="${1}"
+diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
+index 0437d27..9e72fe0 100644
+--- a/src/functions/functions.wireless
++++ b/src/functions/functions.wireless
+@@ -536,6 +536,19 @@ wireless_get_vht_caps() {
+ network-phy-list-vht-caps "${phy}"
+ }
+
++wireless_supports_acs() {
++ local device="${1}"
++ assert isset device
++
++ local phy="$(device_get_phy "${device}")"
++ if ! isset phy; then
++ log ERROR "Could not determine PHY for ${device}"
++ return ${EXIT_ERROR}
++ fi
++
++ phy_supports_acs "${phy}"
++}
++
+ wireless_supports_dfs() {
+ local device="${1}"
+ assert isset device
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 983f0f9..0c42b61 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -28,7 +28,7 @@ HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY SSID"
+
+ ADDRESS=$(mac_generate)
+ BROADCAST_SSID=on
+-CHANNEL=0
++CHANNEL=
+ CHANNEL_BANDWIDTH=
+ ENCRYPTION=""
+ KEY=""
+@@ -125,6 +125,13 @@ hook_parse_cmdline() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Automatically enable ACS if no channel is set and ACS is available
++ if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
++ CHANNEL="0"
++
++ log INFO "Automatic Channel Selection (ACS) enabled"
++ fi
++
+ # Channel bandwidth must match the mode
+ if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
+ error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
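Review bot: When no channel is given and the PHY is not on the ACS driver list, `CHANNEL` stays empty and nothing in this block reports it, so the user only meets the `assert isset CHANNEL` in hook_check_settings instead of a usable message. An explicit branch would help: `elif ! isset CHANNEL; then error "No channel given and ACS is not supported by this device"; return ${EXIT_ERROR}`. Also, `phy_supports_acs "${PHY}"` runs before the `PHY=$(phy_get ${PHY})` normalisation further down in hook_parse_cmdline, so it receives the value exactly as typed; if phy_get_driver only accepts a PHY name (not visible here), the lookup fails and ACS silently stays off. hook_parse_cmdline starts and ends outside the hunk.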
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,164 @@
+From 7842c2ce43d1f185e65bb9f2beead96376e2bd34 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 21 Mar 2019 22:14:43 +0100
+Subject: [PATCH 022/304] wireless-ap: Allow setting the wireless environment
+ (indoor/outdoor)
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 26 +++++++++++++++++++++++++-
+ src/functions/functions.wireless | 9 +++++++++
+ src/helpers/hostapd-config-helper | 1 +
+ src/hooks/ports/wireless-ap | 14 +++++++++++++-
+ 4 files changed, 48 insertions(+), 2 deletions(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 9024ab2..94b06db 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -39,6 +39,7 @@ hostapd_config_write() {
+ local country_code="$(wireless_get_reg_domain)"
+ local dfs="on"
+ local encryption
++ local environment="${WIRELESS_DEFAULT_ENVIRONMENT}"
+ local key
+ local mode
+ local ssid
+@@ -61,6 +62,9 @@ hostapd_config_write() {
+ --encryption=*)
+ encryption=$(cli_get_val "${1}")
+ ;;
++ --environment=*)
++ environment="$(cli_get_val "${1}")"
++ ;;
+ --key=*)
+ key=$(cli_get_val "${1}")
+ ;;
+@@ -111,6 +115,12 @@ hostapd_config_write() {
+ assert isset key
+ fi
+
++ # Check wireless environment
++ if ! wireless_environment_is_valid "${environment}"; then
++ error "Invalid wireless environment: ${environment}"
++ return ${EXIT_ERROR}
++ fi
++
+ # With channel 0, ACS must be supported
+ if [ ${channel} -eq 0 ] && ! wireless_supports_acs "${device}"; then
+ error "ACS requested, but not supported by ${device}"
+@@ -208,6 +218,21 @@ hostapd_config_write() {
+
+ # Advertise country code and maximum transmission power
+ print "ieee80211d=1"
++ print "country_code=${country_code}"
++
++ # Wireless Environment
++ case "${environment}" in
++ indoor)
++ print "country3=0x49"
++ country3
++ ;;
++ outdoor)
++ print "country3=0x4f"
++ ;;
++ indoor+outdoor)
++ print "country3=0x20"
++ ;;
++ esac
+
+ # Enable Radar Detection
+ if enabled dfs && wireless_supports_dfs "${device}"; then
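Review bot: The `indoor)` branch has a stray bare `country3` line after `print "country3=0x49"`; inside this subshell it is run as a command and fails with "command not found" every time an indoor configuration is written. Delete that line so the branch is `print "country3=0x49"` followed directly by `;;`. The `case` has no `*)` arm either, so it depends entirely on the earlier wireless_environment_is_valid check to keep unknown values out of the file; a default arm that logs an error would make that dependency explicit.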
+@@ -230,7 +255,6 @@ hostapd_config_write() {
+ fi
+
+ print "channel=${channel}"
+- print "country_code=${country_code}"
+ print "ignore_broadcast_ssid=${ignore_broadcast_ssid}"
+
+ if contains_spaces "${ssid}"; then
+diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
+index 9e72fe0..12204c0 100644
+--- a/src/functions/functions.wireless
++++ b/src/functions/functions.wireless
+@@ -37,6 +37,9 @@ declare -A WIRELESS_CHANNEL_BANDWIDTHS=(
+ ["802.11g"]="20 40"
+ )
+
++WIRELESS_ENVIRONMENTS=( "indoor+outdoor" "indoor" "outdoor" )
++WIRELESS_DEFAULT_ENVIRONMENT="${WIRELESS_ENVIRONMENTS[0]}"
++
+ cli_wireless() {
+ local action=${1}
+ shift 1
+@@ -561,3 +564,9 @@ wireless_supports_dfs() {
+
+ phy_supports_dfs "${phy}"
+ }
++
++wireless_environment_is_valid() {
++ local environment="${1}"
++
++ list_match "${environment}" "${WIRELESS_ENVIRONMENTS[@]}"
++}
+diff --git a/src/helpers/hostapd-config-helper b/src/helpers/hostapd-config-helper
+index 8af3097..d3292c3 100644
+--- a/src/helpers/hostapd-config-helper
++++ b/src/helpers/hostapd-config-helper
+@@ -43,6 +43,7 @@ case "${action}" in
+ --channel-bandwidth="${CHANNEL_BANDWIDTH}" \
+ --dfs="${DFS}" \
+ --encryption="${ENCRYPTION}" \
++ --environment="${ENVIRONMENT}" \
+ --key="${KEY}" \
+ --mode="${MODE}" \
+ --ssid="${SSID}" \
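Review bot: `--environment="${ENVIRONMENT}"` is passed even when ENVIRONMENT is empty, and hostapd_config_write then replaces its `WIRELESS_DEFAULT_ENVIRONMENT` default with the empty string and fails the validity check. That would hit port configurations saved before this change if the helper does not load the hook defaults (not visible here), leaving the access point down after an upgrade. Passing `--environment="${ENVIRONMENT:-${WIRELESS_DEFAULT_ENVIRONMENT}}" \` keeps the fallback; the `--mfp="${MFP}"` argument added by the later MFP patch has the same shape.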
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 0c42b61..6db39b8 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -24,7 +24,7 @@
+ HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
+
+ HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
+-HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY SSID"
++HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
+
+ ADDRESS=$(mac_generate)
+ BROADCAST_SSID=on
+@@ -37,6 +37,8 @@ SSID=
+ # Perform radar detection by default when possible
+ DFS="on"
+
++ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
++
+ hook_check_settings() {
+ assert isset ADDRESS
+ assert ismac ADDRESS
+@@ -57,6 +59,8 @@ hook_check_settings() {
+ assert [ ${#KEY} -ge 8 ]
+ assert [ ${#KEY} -le 63 ]
+ fi
++
++ assert wireless_environment_is_valid "${ENVIRONMENT}"
+ }
+
+ hook_parse_cmdline() {
+@@ -86,6 +90,14 @@ hook_parse_cmdline() {
+ --encryption=*)
+ ENCRYPTION=$(cli_get_val "${1}")
+ ;;
++ --environment=*)
++ ENVIRONMENT="$(cli_get_val "${1}")"
++
++ if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
++ error "Invalid wireless environment: ${ENVIRONMENT}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
+ --key=*)
+ KEY=$(cli_get_val "${1}")
+ ;;
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,26 @@
+From 09f00f0df436a3280b93b7570c6b9ae3152cf21e Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 22 Mar 2019 11:40:32 +0100
+Subject: [PATCH 023/304] hostapd: Remove now useless comment
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 94b06db..eb177fe 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -214,8 +214,6 @@ hostapd_config_write() {
+ fi
+
+ (
+- print "# Default settings"
+-
+ # Advertise country code and maximum transmission power
+ print "ieee80211d=1"
+ print "country_code=${country_code}"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,30 @@
+From 9602617288e200c0935d5888746f58c23b2f7af7 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 22 Mar 2019 11:45:03 +0100
+Subject: [PATCH 024/304] hostapd: Always enable Transmit Power Control
+
+Also advertise this to clients
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index eb177fe..dd52e56 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -232,6 +232,10 @@ hostapd_config_write() {
+ ;;
+ esac
+
++ # Always advertise TPC
++ print "local_pwr_constraint=3"
++ print "spectrum_mgmt_required=1"
++
+ # Enable Radar Detection
+ if enabled dfs && wireless_supports_dfs "${device}"; then
+ print "ieee80211h=1"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,72 @@
+From fcdbed86e00c02550682c110d768ff9a557ba8d7 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 22 Mar 2019 12:02:25 +0100
+Subject: [PATCH 025/304] hostapd: Set default WMM settings
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 47 ++++++++++++++++++++++++++++++++-
+ 1 file changed, 46 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index dd52e56..911a141 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -265,8 +265,53 @@ hostapd_config_write() {
+ print "ssid=${ssid}"
+ fi
+
+- # WMM
++ # WMM & WMM-PS Unscheduled Automatic Power Save Delivery
+ print "wmm_enabled=${wmm}"
++ print "uapsd_advertisement_enabled=1"
++
++ # Low Priority / AC_BK = Background
++ print "wmm_ac_bk_cwmin=4"
++ print "wmm_ac_bk_cwmax=10"
++ print "wmm_ac_bk_aifs=7"
++ print "wmm_ac_bk_txop_limit=0"
++ print "wmm_ac_bk_acm=0"
++ print "tx_queue_data3_aifs=7"
++ print "tx_queue_data3_cwmin=15"
++ print "tx_queue_data3_cwmax=1023"
++ print "tx_queue_data3_burst=0"
++
++ # Normal Priority / AC_BE = Best Effort
++ print "wmm_ac_be_aifs=3"
++ print "wmm_ac_be_cwmin=4"
++ print "wmm_ac_be_cwmax=10"
++ print "wmm_ac_be_txop_limit=0"
++ print "wmm_ac_be_acm=0"
++ print "tx_queue_data2_aifs=3"
++ print "tx_queue_data2_cwmin=15"
++ print "tx_queue_data2_cwmax=63"
++ print "tx_queue_data2_burst=0"
++
++ # High Priority / AC_VI = Video
++ print "wmm_ac_vi_aifs=2"
++ print "wmm_ac_vi_cwmin=3"
++ print "wmm_ac_vi_cwmax=4"
++ print "wmm_ac_vi_txop_limit=94"
++ print "wmm_ac_vi_acm=0"
++ print "tx_queue_data1_aifs=1"
++ print "tx_queue_data1_cwmin=7"
++ print "tx_queue_data1_cwmax=15"
++ print "tx_queue_data1_burst=3.0"
++
++ # Highest Priority / AC_VO = Voice
++ print "wmm_ac_vo_aifs=2"
++ print "wmm_ac_vo_cwmin=2"
++ print "wmm_ac_vo_cwmax=3"
++ print "wmm_ac_vo_txop_limit=47"
++ print "wmm_ac_vo_acm=0"
++ print "tx_queue_data0_aifs=1"
++ print "tx_queue_data0_cwmin=3"
++ print "tx_queue_data0_cwmax=7"
++ print "tx_queue_data0_burst=1.5"
+
+ # Enable VHT caps
+ if isset vht_caps; then
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,27 @@
+From 4d4bca7eec3d036e1cbed28fc823d06d08008d78 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 22 Mar 2019 12:02:46 +0100
+Subject: [PATCH 026/304] hostapd: Kick stations that are too far away
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 911a141..8b281cc 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -265,6 +265,9 @@ hostapd_config_write() {
+ print "ssid=${ssid}"
+ fi
+
++ # Kick stations that are too far away
++ print "disassoc_low_ack=1"
++
+ # WMM & WMM-PS Unscheduled Automatic Power Save Delivery
+ print "wmm_enabled=${wmm}"
+ print "uapsd_advertisement_enabled=1"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,34 @@
+From 4873f3299807fb0fde7c7f71736dd9318c708ca1 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 22 Mar 2019 12:08:08 +0100
+Subject: [PATCH 027/304] hostapd: Always qoute SSID
+
+hostapd has a new parameter that always allows us to set
+the SSID as a quoted UTF8 string
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 8b281cc..245b4cf 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -259,11 +259,8 @@ hostapd_config_write() {
+ print "channel=${channel}"
+ print "ignore_broadcast_ssid=${ignore_broadcast_ssid}"
+
+- if contains_spaces "${ssid}"; then
+- print "ssid=\"${ssid}\""
+- else
+- print "ssid=${ssid}"
+- fi
++ print "ssid2=\"${ssid}\""
++ print "utf8_ssid=1"
+
+ # Kick stations that are too far away
+ print "disassoc_low_ack=1"
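Review bot: `print "ssid2=\"${ssid}\""` writes the SSID into the hostapd configuration verbatim, so a value containing a line break would add further directives to a file that hostapd loads with its own privileges, and quotes or backslashes are not escaped either. No SSID validation is visible in this hunk (hostapd_config_write starts outside it), so I would reject control characters and over-long values before writing, or emit the hex form that `ssid2` also accepts and that needs no quoting: `print "ssid2=$(printf '%s' "${ssid}" | od -An -v -tx1 | tr -d ' \n')"`.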
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,130 @@
+From 34ca39360410ab03c7909494e6291bbb65622e3d Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 22 Mar 2019 12:27:38 +0100
+Subject: [PATCH 028/304] wireless-ap: Allow to enable/disable 802.11w
+ Management Frame Protection
+
+This is disabled by default, because loads of stations have issues
+associating with an AP that has 802.11w enabled.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 17 +++++++++++++++++
+ src/helpers/hostapd-config-helper | 1 +
+ src/hooks/ports/wireless-ap | 18 ++++++++++++++++++
+ 3 files changed, 36 insertions(+)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 245b4cf..bf0c5fc 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -41,6 +41,7 @@ hostapd_config_write() {
+ local encryption
+ local environment="${WIRELESS_DEFAULT_ENVIRONMENT}"
+ local key
++ local mfp="off"
+ local mode
+ local ssid
+ local wmm="1"
+@@ -68,6 +69,9 @@ hostapd_config_write() {
+ --key=*)
+ key=$(cli_get_val "${1}")
+ ;;
++ --mfp=*)
++ mfp="$(cli_get_val "${1}")"
++ ;;
+ --mode=*)
+ mode=$(cli_get_val "${1}")
+
+@@ -133,6 +137,12 @@ hostapd_config_write() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Management Frame Proection
++ if ! isbool mfp; then
++ error "Invalid value for --mfp: ${mfp}"
++ return ${EXIT_ERROR}
++ fi
++
+ # 802.11ac/n flags
+ local ieee80211ac
+ local ieee80211n
+@@ -325,6 +335,13 @@ hostapd_config_write() {
+ print "vht_oper_chwidth=${vht_oper_chwidth}"
+
+ print
++
++ # 802.11w - Management Frame Protection (MFP)
++ if enabled mfp; then
++ print "ieee80211w=2" # required
++ else
++ print "ieee80211w=0"
++ fi
+ ) >> ${file}
+
+ # Control interface.
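Review bot: The switch maps only to `ieee80211w=2` or `ieee80211w=0`, so the default leaves deauthentication and disassociation frames unprotected for every station, including those that support 802.11w. hostapd also accepts `ieee80211w=1` (optional), which lets capable stations negotiate protection while others associate without it; a third value such as `--mfp=optional` may address much of the compatibility concern in the commit message without switching protection off for everyone. Required MFP is normally paired with a SHA256 key management mode, and whether the selected ENCRYPTION guarantees that is not visible in this hunk, so I would refuse `mfp=on` together with `NONE` or a non-SHA256 mode. The comment on the added branch could read `# 2 = required, 1 = optional, 0 = disabled`.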
+diff --git a/src/helpers/hostapd-config-helper b/src/helpers/hostapd-config-helper
+index d3292c3..7af723d 100644
+--- a/src/helpers/hostapd-config-helper
++++ b/src/helpers/hostapd-config-helper
+@@ -45,6 +45,7 @@ case "${action}" in
+ --encryption="${ENCRYPTION}" \
+ --environment="${ENVIRONMENT}" \
+ --key="${KEY}" \
++ --mfp="${MFP}" \
+ --mode="${MODE}" \
+ --ssid="${SSID}" \
+ || exit $?
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 6db39b8..7073cbc 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -25,6 +25,7 @@ HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
+
+ HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
+ HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
++HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
+
+ ADDRESS=$(mac_generate)
+ BROADCAST_SSID=on
+@@ -37,6 +38,10 @@ SSID=
+ # Perform radar detection by default when possible
+ DFS="on"
+
++# 802.11w - Management Frame Protection
++# Disable by default because many clients cannot connect when enabled
++MFP="off"
++
+ ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
+
+ hook_check_settings() {
+@@ -46,6 +51,7 @@ hook_check_settings() {
+ assert isbool BROADCAST_SSID
+ assert isset CHANNEL
+ assert isbool DFS
++ assert isbool MFP
+ assert isset MODE
+ assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
+ assert isset PHY
+@@ -104,6 +110,18 @@ hook_parse_cmdline() {
+ --mac=*)
+ ADDRESS=$(cli_get_val "${1}")
+ ;;
++ --mfp=*)
++ MFP="$(cli_get_val "${1}")"
++
++ if enabled MFP; then
++ MFP="on"
++ elif disabled MFP; then
++ MFP="off"
++ else
++ error "Invalid value for --mfp: ${MFP}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
+ --mode=*)
+ MODE=$(cli_get_val "${1}")
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,26 @@
+From 304b20a828e0987943ccda6f1c4321682195a67a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 29 Mar 2019 18:46:25 +0100
+Subject: [PATCH 029/304] network: Show when a PHY supports ACS
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/network | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/network b/src/network
+index de2e663..3535133 100644
+--- a/src/network
++++ b/src/network
+@@ -279,6 +279,8 @@ cli_device_status_phy() {
+
+ cli_headline 2 "Features"
+
++ cli_print_fmt1 2 "Automatic Channel Selection" \
++ "$(phy_supports_acs "${phy}" && print "Supported" ||Â print "Not Supported")"
+ cli_print_fmt1 2 "DFS" \
+ "$(phy_supports_dfs "${phy}" && print "Supported" ||Â print "Not Supported")"
+
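Review bot: Both status lines show a non-ASCII byte sequence between `||` and `print` (rendered here as `Â`), which looks like a no-break space; if those bytes are really in the file and not an artefact of how this page was decoded, bash takes them as part of the command name, the fallback fails, and "Not Supported" is never printed. The existing DFS line has the same sequence, the new ACS line copies it, and the following patch moves both lines unchanged into functions.phy. Retype the separator as a plain space: `&& print "Supported" || print "Not Supported")"`. cli_device_status_phy starts outside the hunk.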
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,112 @@
+From 01648ba604f9d0c922193553cfcb36dae0bfddaf Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 29 Mar 2019 18:47:47 +0100
+Subject: [PATCH 030/304] Move cli_device_status_phy() to functions.phy
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.phy | 38 +++++++++++++++++++++++++++++++++++++
+ src/network | 38 -------------------------------------
+ 2 files changed, 38 insertions(+), 38 deletions(-)
+
+diff --git a/src/functions/functions.phy b/src/functions/functions.phy
+index ee0f2a2..120117c 100644
+--- a/src/functions/functions.phy
++++ b/src/functions/functions.phy
+@@ -21,6 +21,44 @@
+
+ PHY_DIR="/sys/class/ieee80211"
+
++cli_device_status_phy() {
++ local phy="${1}"
++ assert phy_exists "${phy}"
++
++ local address="$(phy_get_address "${phy}")"
++ cli_print_fmt1 1 "Address" "${address}"
++
++ # Show kernel module
++ local driver="$(phy_get_driver "${phy}")"
++ if isset driver; then
++ cli_print_fmt1 1 "Driver" "${driver}"
++ fi
++
++ cli_space
++
++ local devices="$(phy_get_devices "${phy}")"
++ if isset devices; then
++ cli_headline 2 "Soft interfaces"
++
++ local device
++ for device in ${devices}; do
++ cli_print 2 "* %s" "${device}"
++ done
++ cli_space
++ fi
++
++ cli_headline 2 "Features"
++
++ cli_print_fmt1 2 "Automatic Channel Selection" \
++ "$(phy_supports_acs "${phy}" && print "Supported" ||Â print "Not Supported")"
++ cli_print_fmt1 2 "DFS" \
++ "$(phy_supports_dfs "${phy}" && print "Supported" ||Â print "Not Supported")"
++
++ cli_space
++
++ return ${EXIT_OK}
++}
++
+ phy_dir() {
+ local phy=${1}
+
+diff --git a/src/network b/src/network
+index 3535133..300ba94 100644
+--- a/src/network
++++ b/src/network
+@@ -251,44 +251,6 @@ cli_device_status_serial() {
+ fi
+ }
+
+-cli_device_status_phy() {
+- local phy="${1}"
+- assert phy_exists "${phy}"
+-
+- local address="$(phy_get_address "${phy}")"
+- cli_print_fmt1 1 "Address" "${address}"
+-
+- # Show kernel module
+- local driver="$(phy_get_driver "${phy}")"
+- if isset driver; then
+- cli_print_fmt1 1 "Driver" "${driver}"
+- fi
+-
+- cli_space
+-
+- local devices="$(phy_get_devices "${phy}")"
+- if isset devices; then
+- cli_headline 2 "Soft interfaces"
+-
+- local device
+- for device in ${devices}; do
+- cli_print 2 "* %s" "${device}"
+- done
+- cli_space
+- fi
+-
+- cli_headline 2 "Features"
+-
+- cli_print_fmt1 2 "Automatic Channel Selection" \
+- "$(phy_supports_acs "${phy}" && print "Supported" ||Â print "Not Supported")"
+- cli_print_fmt1 2 "DFS" \
+- "$(phy_supports_dfs "${phy}" && print "Supported" ||Â print "Not Supported")"
+-
+- cli_space
+-
+- return ${EXIT_OK}
+-}
+-
+ cli_device_discover() {
+ local device=${1}
+ shift
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,52 @@
+From 7c91c167d10cbe3d390f0dc8c426eed0abf243b4 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 11:26:38 +0100
+Subject: [PATCH 031/304] hostapd: Dump config file in debug mode
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 3 +++
+ src/functions/functions.util | 13 +++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index bf0c5fc..737bd1a 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -378,6 +378,9 @@ hostapd_config_write() {
+ ) >> ${file}
+ fi
+
++ # Log configuration file
++ file_to_log DEBUG "${file}"
++
+ return ${EXIT_OK}
+ }
+
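Review bot: `file_to_log DEBUG "${file}"` copies the complete hostapd configuration into the log, and that file presumably holds the pre-shared key passed in through `--key` (the line that writes it is outside this hunk). Logs are usually readable by more accounts, kept longer and forwarded further than the configuration file itself, so key material should be masked before it is logged. I would replace the call with a filtered dump as below; the directive names are hostapd's standard ones and should be checked against what this function actually writes.

```shell
	# Log configuration file, never the key material
	local line
	while IFS= read -r line; do
		case "${line}" in
			wpa_passphrase=*|wpa_psk=*)
				line="${line%%=*}=<redacted>"
				;;
		esac
		log DEBUG "${line}"
	done < "${file}"
	# … unchanged: return ${EXIT_OK} …
```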
+diff --git a/src/functions/functions.util b/src/functions/functions.util
+index b767423..4c1dbb4 100644
+--- a/src/functions/functions.util
++++ b/src/functions/functions.util
+@@ -248,6 +248,19 @@ file_get_age() {
+ return ${EXIT_ERROR}
+ }
+
++file_to_log() {
++ local level="${1}"
++ assert isset level
++
++ local file="${2}"
++ assert file_exists "${file}"
++
++ local line
++ while read line; do
++ log "${level}" "${line}"
++ done < "${file}"
++}
++
+ make_directory() {
+ local path="${1}"
+
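Review bot: `while read line` strips leading and trailing whitespace, interprets backslashes, and drops a final line that has no trailing newline, so the logged text can differ from the file. Use `while IFS= read -r line || [ -n "${line}" ]; do`. The function logs whatever file it is given at the caller's level, so a header comment such as `# Callers must not pass files that contain secrets without filtering them first` would be worth adding; its first caller in this patch is the hostapd configuration.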
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,519 @@
+From 2e4e3c88ba2543e5bf4bf3f92977990c281a00bb Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 11:27:50 +0100
+Subject: [PATCH 032/304] wireless-ap: Automatically enable all supported
+ ciphers
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 7 ++
+ src/functions/functions.hostapd | 65 +++++++++++-
+ src/functions/functions.phy | 17 +++
+ src/libnetwork/libnetwork.sym | 37 ++++---
+ src/libnetwork/network/phy.h | 22 ++++
+ src/libnetwork/phy.c | 149 +++++++++++++++++++++++++++
+ src/utils/.gitignore | 1 +
+ src/utils/network-phy-list-ciphers.c | 61 +++++++++++
+ 8 files changed, 340 insertions(+), 19 deletions(-)
+ create mode 100644 src/utils/network-phy-list-ciphers.c
+
+diff --git a/Makefile.am b/Makefile.am
+index 0139f95..1b5e7e9 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -301,6 +301,7 @@ EXTRA_DIST += \
+
+ util_PROGRAMS = \
+ src/utils/network-phy-list-channels \
++ src/utils/network-phy-list-ciphers \
+ src/utils/network-phy-list-ht-caps \
+ src/utils/network-phy-list-vht-caps
+
+@@ -310,6 +311,12 @@ src_utils_network_phy_list_channels_SOURCES = \
+ src_utils_network_phy_list_channels_LDADD = \
+ src/libnetwork.la
+
++src_utils_network_phy_list_ciphers_SOURCES = \
++ src/utils/network-phy-list-ciphers.c
++
++src_utils_network_phy_list_ciphers_LDADD = \
++ src/libnetwork.la
++
+ src_utils_network_phy_list_ht_caps_SOURCES = \
+ src/utils/network-phy-list-ht-caps.c
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 737bd1a..6111457 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -23,6 +23,19 @@ HOSTAPD_CONTROL_INTERFACE_DIR="/run/hostapd/ctrl"
+
+ HOSTAPD_SUPPORTED_MODES="802.11a 802.11a/n 802.11ac 802.11g 802.11g/n"
+
++HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS=(
++ "GCMP-256" # Galois/counter mode protocol with 256 bit key
++ "CCMP-256" # AES in Counter mode with CBC-MAC with 256 bit key
++ "GCMP-128" # Galois/counter mode protocol with 128 bit key
++ "CCMP-128" # AES in Counter mode with CBC-MAC with 128 bit key
++)
++
++# This must be supported by all stations on the network and therefore
++# can effectively only be CCMP
++HOSTAPD_SUPPORTED_GROUP_CIPHERS=(
++ "CCMP-128"
++)
++
+ hostapd_config_write() {
+ local device=${1}
+ assert isset device
+@@ -33,6 +46,16 @@ hostapd_config_write() {
+ # Shift the device and file argument.
+ shift 2
+
++ # Device must exist
++ if ! device_exists "${device}"; then
++ error "Cannot write hostapd configuration for non-existant device: ${device}"
++ return ${EXIT_ERROR}
++ fi
++
++ # Get the phy for device
++ local phy="$(device_get_phy "${device}")"
++ assert isset phy
++
+ local broadcast_ssid
+ local channel
+ local channel_bandwidth
+@@ -201,6 +224,25 @@ hostapd_config_write() {
+ ;;
+ esac
+
++ # Cryptography
++ local cipher
++
++ # Get all supported pairwise ciphers
++ local pairwise_ciphers=()
++ for cipher in ${HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS[*]}; do
++ if phy_supports_cipher "${phy}" "${cipher}"; then
++ pairwise_ciphers+=( "$(hostapd_cipher_name "${cipher}")" )
++ fi
++ done
++
++ # Get all supported group ciphers
++ local group_ciphers=()
++ for cipher in ${HOSTAPD_SUPPORTED_GROUP_CIPHERS[*]}; do
++ if phy_supports_cipher "${phy}" "${cipher}"; then
++ group_ciphers+=( "$(hostapd_cipher_name "${cipher}")" )
++ fi
++ done
++
+ # Create configuration directory.
+ local config_dir=$(dirname ${file})
+ mkdir -p ${HOSTAPD_CONTROL_INTERFACE_DIR} ${config_dir} 2>/dev/null
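Review bot: Nothing after the two loops checks that `pairwise_ciphers` and `group_ciphers` ended up non-empty. If `phy_supports_cipher` matches nothing (the `network-phy-list-ciphers` helper missing or failing, or a phy that reports none of the listed suites), the later hunk writes `wpa_pairwise=`, `rsn_pairwise=` and `group_cipher=` with empty values, and the resulting access point behaviour is then up to hostapd rather than this code. I would fail closed before the file is created: `if [ ${#pairwise_ciphers[@]} -eq 0 ] || [ ${#group_ciphers[@]} -eq 0 ]; then error "No supported ciphers found for ${phy}"; return ${EXIT_ERROR}; fi`. `hostapd_config_write` begins and ends outside this hunk.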
+@@ -372,8 +414,9 @@ hostapd_config_write() {
+ print "wpa=${encryption_mode}"
+ print "wpa_passphrase=${key}"
+ print "wpa_key_mgmt=WPA-PSK"
+- print "wpa_pairwise=TKIP"
+- print "rsn_pairwise=CCMP"
++ print "wpa_pairwise=${pairwise_ciphers[*]}"
++ print "rsn_pairwise=${pairwise_ciphers[*]}"
++ print "group_cipher=${group_ciphers[*]}"
+ print
+ ) >> ${file}
+ fi
+@@ -407,3 +450,21 @@ hostapd_stop() {
+
+ service_stop "hostapd@${device}.service"
+ }
++
++hostapd_cipher_name() {
++ local cipher="${1}"
++
++ case "${cipher}" in
++ CCMP-128)
++ print "CCMP"
++ ;;
++
++ GCMP-128)
++ print "GCMP"
++ ;;
++
++ *)
++ print "${cipher}"
++ ;;
++ esac
++}
+diff --git a/src/functions/functions.phy b/src/functions/functions.phy
+index 120117c..c06389c 100644
+--- a/src/functions/functions.phy
++++ b/src/functions/functions.phy
+@@ -208,6 +208,23 @@ phy_supports_channel() {
+ return ${EXIT_FALSE}
+ }
+
++phy_list_ciphers() {
++ local phy="${1}"
++ assert isset phy
++
++ network-phy-list-ciphers "${phy}"
++}
++
++phy_supports_cipher() {
++ local phy="${1}"
++ assert isset phy
++
++ local cipher="${2}"
++ assert isset cipher
++
++ list_match "${cipher}" $(phy_list_ciphers "${phy}")
++}
++
+ __phy_list_ht_capabilities() {
+ local phy="${1}"
+ assert isset phy
+diff --git a/src/libnetwork/libnetwork.sym b/src/libnetwork/libnetwork.sym
+index 593c4a2..034d43f 100644
+--- a/src/libnetwork/libnetwork.sym
++++ b/src/libnetwork/libnetwork.sym
+@@ -1,21 +1,24 @@
+ LIBNETWORK_0 {
+ global:
+- network_interface_get_name;
+- network_interface_new;
+- network_interface_ref;
+- network_interface_unref;
+- network_new;
+- network_phy_has_ht_capability;
+- network_phy_has_vht_capability;
+- network_phy_list_channels;
+- network_phy_list_ht_capabilities;
+- network_phy_list_vht_capabilities;
+- network_phy_new;
+- network_phy_ref;
+- network_phy_unref;
+- network_ref;
+- network_unref;
+- network_version;
++ network_interface_get_name;
++ network_interface_new;
++ network_interface_ref;
++ network_interface_unref;
++ network_new;
++ network_phy_get_cipher_string;
++ network_phy_has_ht_capability;
++ network_phy_has_vht_capability;
++ network_phy_list_channels;
++ network_phy_list_ciphers;
++ network_phy_list_ht_capabilities;
++ network_phy_list_vht_capabilities;
++ network_phy_supports_cipher;
++ network_phy_new;
++ network_phy_ref;
++ network_phy_unref;
++ network_ref;
++ network_unref;
++ network_version;
+ local:
+- *;
++ *;
+ };
+diff --git a/src/libnetwork/network/phy.h b/src/libnetwork/network/phy.h
+index 9059680..bc6dafb 100644
+--- a/src/libnetwork/network/phy.h
++++ b/src/libnetwork/network/phy.h
+@@ -30,6 +30,25 @@ int network_phy_new(struct network_ctx*, struct network_phy** phy, const char* n
+ struct network_phy* network_phy_ref(struct network_phy* phy);
+ struct network_phy* network_phy_unref(struct network_phy* phy);
+
++enum network_phy_ciphers {
++ NETWORK_PHY_CIPHER_WEP40 = (1 << 0),
++ NETWORK_PHY_CIPHER_TKIP = (1 << 1),
++ NETWORK_PHY_CIPHER_CCMP128 = (1 << 2),
++ NETWORK_PHY_CIPHER_WEP104 = (1 << 3),
++ NETWORK_PHY_CIPHER_CMAC128 = (1 << 4),
++ NETWORK_PHY_CIPHER_GCMP128 = (1 << 5),
++ NETWORK_PHY_CIPHER_GCMP256 = (1 << 6),
++ NETWORK_PHY_CIPHER_CCMP256 = (1 << 7),
++ NETWORK_PHY_CIPHER_GMAC128 = (1 << 8),
++ NETWORK_PHY_CIPHER_GMAC256 = (1 << 9),
++ NETWORK_PHY_CIPHER_CMAC256 = (1 << 10),
++ NETWORK_PHY_CIPHER_WPISMS4 = (1 << 11),
++};
++
++const char* network_phy_get_cipher_string(const enum network_phy_ciphers cipher);
++int network_phy_supports_cipher(struct network_phy* phy, const enum network_phy_ciphers cipher);
++char* network_phy_list_ciphers(struct network_phy* phy);
++
+ enum network_phy_ht_caps {
+ NETWORK_PHY_HT_CAP_RX_LDPC = (1 << 0),
+ NETWORK_PHY_HT_CAP_HT40 = (1 << 1),
+@@ -81,6 +100,9 @@ char* network_phy_list_ht_capabilities(struct network_phy* phy);
+ struct nl_msg* network_phy_make_netlink_message(struct network_phy* phy,
+ enum nl80211_commands cmd, int flags);
+
++#define foreach_cipher(cipher) \
++ for(enum network_phy_ciphers cipher = NETWORK_PHY_CIPHER_WEP40; cipher <= NETWORK_PHY_CIPHER_WPISMS4; cipher <<= 1)
++
+ #define foreach_vht_cap(cap) \
+ for(int cap = NETWORK_PHY_VHT_CAP_VHT160; cap <= NETWORK_PHY_VHT_CAP_TX_ANTENNA_PATTERN; cap <<= 1)
+
+diff --git a/src/libnetwork/phy.c b/src/libnetwork/phy.c
+index 0bf9c81..e3f2aad 100644
+--- a/src/libnetwork/phy.c
++++ b/src/libnetwork/phy.c
+@@ -52,6 +52,7 @@ struct network_phy {
+
+ TAILQ_HEAD(head, network_phy_channel) channels;
+
++ enum network_phy_ciphers ciphers;
+ ssize_t max_mpdu_length;
+ unsigned int vht_caps;
+ unsigned int ht_caps;
+@@ -80,6 +81,81 @@ static int phy_get_index(const char* name) {
+ return atoi(index);
+ }
+
++static void phy_parse_ciphers(struct network_phy* phy, __u32* ciphers, int num) {
++ enum network_phy_ciphers cipher;
++
++ // Reset value
++ phy->ciphers = 0;
++
++ for (int i = 0; i < num; i++) {
++ switch (ciphers[i]) {
++ case 0x000fac01:
++ cipher = NETWORK_PHY_CIPHER_WEP40;
++ break;
++
++ case 0x000fac02:
++ cipher = NETWORK_PHY_CIPHER_TKIP;
++ break;
++
++ case 0x000fac04:
++ cipher = NETWORK_PHY_CIPHER_CCMP128;
++ break;
++
++ case 0x000fac05:
++ cipher = NETWORK_PHY_CIPHER_WEP104;
++ break;
++
++ case 0x000fac06:
++ cipher = NETWORK_PHY_CIPHER_CMAC128;
++ break;
++
++ case 0x000fac08:
++ cipher = NETWORK_PHY_CIPHER_GCMP128;
++ break;
++
++ case 0x000fac09:
++ cipher = NETWORK_PHY_CIPHER_GCMP256;
++ break;
++
++ /*
++ I have no idea what these are. My card reports them but
++ I could not find out anything about them.
++ */
++ case 0x000fac0a:
++ case 0x000fac0b:
++ case 0x000fac0c:
++ case 0x000fac0d:
++ continue;
++
++ case 0x000fac10:
++ cipher = NETWORK_PHY_CIPHER_CCMP256;
++ break;
++
++ case 0x000fac11:
++ cipher = NETWORK_PHY_CIPHER_GMAC128;
++ break;
++
++ case 0x000fac12:
++ cipher = NETWORK_PHY_CIPHER_GMAC256;
++ break;
++
++ case 0x000fac13:
++ cipher = NETWORK_PHY_CIPHER_CMAC256;
++ break;
++
++ case 0x00147201:
++ cipher = NETWORK_PHY_CIPHER_WPISMS4;
++ break;
++
++ default:
++ ERROR(phy->ctx, "Unknown cipher found: %x\n", ciphers[i]);
++ continue;
++ }
++
++ phy->ciphers |= cipher;
++ }
++}
++
+ static void phy_parse_vht_capabilities(struct network_phy* phy, __u32 caps) {
+ // Max MPDU length
+ switch (caps & 0x3) {
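Review bot: The case labels in `phy_parse_ciphers` for CCMP-256, GMAC-128, GMAC-256 and CMAC-256 use `0x000fac10` to `0x000fac13`, but the 00-0F-AC suite types are numbered in decimal, so these suites are reported as `0x000fac0a` to `0x000fac0d`. Those are exactly the four values the comment describes as unknown and skips with `continue`. As written, the phy can never be seen to support CCMP-256, so `hostapd_config_write` will not offer it even on hardware that has it, and the `0x..10`–`0x..13` cases are dead. I would map the four skipped selectors to the existing enum values and drop the comment, as in the excerpt below.

```c
		// … unchanged: cases 0x000fac01 through 0x000fac09 …

		case 0x000fac0a:
			cipher = NETWORK_PHY_CIPHER_CCMP256;
			break;

		case 0x000fac0b:
			cipher = NETWORK_PHY_CIPHER_GMAC128;
			break;

		case 0x000fac0c:
			cipher = NETWORK_PHY_CIPHER_GMAC256;
			break;

		case 0x000fac0d:
			cipher = NETWORK_PHY_CIPHER_CMAC256;
			break;

		// … unchanged: 0x00147201 (WPI-SMS4) and the default case …
```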
+@@ -325,6 +401,13 @@ static int phy_parse_info(struct nl_msg* msg, void* data) {
+ nla_parse(attrs, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+ genlmsg_attrlen(gnlh, 0), NULL);
+
++ // Ciphers
++ if (attrs[NL80211_ATTR_CIPHER_SUITES]) {
++ int num = nla_len(attrs[NL80211_ATTR_CIPHER_SUITES]) / sizeof(__u32);
++ __u32* ciphers = nla_data(attrs[NL80211_ATTR_CIPHER_SUITES]);
++ phy_parse_ciphers(phy, ciphers, num);
++ }
++
+ if (attrs[NL80211_ATTR_WIPHY_BANDS]) {
+ struct nlattr* nl_band;
+ int i;
+@@ -464,6 +547,72 @@ nla_put_failure:
+ return NULL;
+ }
+
++NETWORK_EXPORT const char* network_phy_get_cipher_string(const enum network_phy_ciphers cipher) {
++ switch (cipher) {
++ case NETWORK_PHY_CIPHER_WEP40:
++ return "WEP40";
++
++ case NETWORK_PHY_CIPHER_TKIP:
++ return "TKIP";
++
++ case NETWORK_PHY_CIPHER_CCMP128:
++ return "CCMP-128";
++
++ case NETWORK_PHY_CIPHER_WEP104:
++ return "WEP-104";
++
++ case NETWORK_PHY_CIPHER_CMAC128:
++ return "CMAC-128";
++
++ case NETWORK_PHY_CIPHER_GCMP128:
++ return "GCMP-128";
++
++ case NETWORK_PHY_CIPHER_GCMP256:
++ return "GCMP-256";
++
++ case NETWORK_PHY_CIPHER_CCMP256:
++ return "CCMP-256";
++
++ case NETWORK_PHY_CIPHER_GMAC128:
++ return "GMAC-128";
++
++ case NETWORK_PHY_CIPHER_GMAC256:
++ return "GMAC-256";
++
++ case NETWORK_PHY_CIPHER_CMAC256:
++ return "CMAC-256";
++
++ case NETWORK_PHY_CIPHER_WPISMS4:
++ return "WPI-SMS4";
++ }
++
++ return NULL;
++}
++
++NETWORK_EXPORT int network_phy_supports_cipher(struct network_phy* phy, const enum network_phy_ciphers cipher) {
++ return phy->ciphers & cipher;
++}
++
++NETWORK_EXPORT char* network_phy_list_ciphers(struct network_phy* phy) {
++ char* buffer = NULL;
++
++ foreach_cipher(cipher) {
++ if (network_phy_supports_cipher(phy, cipher)) {
++ const char* s = network_phy_get_cipher_string(cipher);
++
++ if (!s)
++ continue;
++
++ if (buffer)
++ asprintf(&buffer, "%s %s", buffer, s);
++ else
++ asprintf(&buffer, "%s", s);
++ }
++ }
++
++ return buffer;
++}
++
+ NETWORK_EXPORT int network_phy_has_vht_capability(struct network_phy* phy, const enum network_phy_vht_caps cap) {
+ return phy->vht_caps & cap;
+ }
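Review bot: In `network_phy_list_ciphers`, `asprintf(&buffer, "%s %s", buffer, s)` overwrites `buffer` with the new allocation while the old one is still an argument, so every previous string is leaked, and the return value is never checked although the pointer's contents are undefined when `asprintf` fails. Building into a temporary, freeing the old buffer and bailing out on error fixes both, as in the excerpt below. `network_phy_supports_cipher` also dereferences `phy` without a NULL check, which may be intentional if the other accessors in this file do the same.

```c
NETWORK_EXPORT char* network_phy_list_ciphers(struct network_phy* phy) {
	// … unchanged: buffer declaration, foreach_cipher loop header, support check and string lookup …

			char* joined = NULL;
			int r = asprintf(&joined, "%s%s%s",
				buffer ? buffer : "", buffer ? " " : "", s);

			// The old list is no longer needed whether or not the call succeeded
			free(buffer);
			if (r < 0)
				return NULL;

			buffer = joined;

	// … unchanged: loop end and return buffer …
```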
+diff --git a/src/utils/.gitignore b/src/utils/.gitignore
+index 11cf3b6..df712dc 100644
+--- a/src/utils/.gitignore
++++ b/src/utils/.gitignore
+@@ -1,3 +1,4 @@
+ /network-phy-list-channels
++/network-phy-list-ciphers
+ /network-phy-list-ht-caps
+ /network-phy-list-vht-caps
+diff --git a/src/utils/network-phy-list-ciphers.c b/src/utils/network-phy-list-ciphers.c
+new file mode 100644
+index 0000000..0132c0c
+--- /dev/null
++++ b/src/utils/network-phy-list-ciphers.c
+@@ -0,0 +1,61 @@
++/*#############################################################################
++# #
++# IPFire.org - A linux based firewall #
++# Copyright (C) 2019 IPFire Network Development Team #
++# #
++# This program is free software: you can redistribute it and/or modify #
++# it under the terms of the GNU General Public License as published by #
++# the Free Software Foundation, either version 3 of the License, or #
++# (at your option) any later version. #
++# #
++# This program is distributed in the hope that it will be useful, #
++# but WITHOUT ANY WARRANTY; without even the implied warranty of #
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
++# GNU General Public License for more details. #
++# #
++# You should have received a copy of the GNU General Public License #
++# along with this program. If not, see <http://www.gnu.org/licenses/>. #
++# #
++#############################################################################*/
++
++#include <stdio.h>
++#include <stdlib.h>
++
++#include <network/libnetwork.h>
++#include <network/logging.h>
++#include <network/phy.h>
++
++int main(int argc, char** argv) {
++ struct network_ctx* ctx = NULL;
++ struct network_phy* phy = NULL;
++ int r;
++
++ if (argc < 2) {
++ fprintf(stderr, "No enough arguments\n");
++ r = 2;
++ goto END;
++ }
++
++ // Initialise context
++ r = network_new(&ctx);
++ if (r)
++ return r;
++
++ r = network_phy_new(ctx, &phy, argv[1]);
++ if (r) {
++ fprintf(stderr, "Could not find %s\n", argv[1]);
++ goto END;
++ }
++
++ // Print all supported ciphers
++ char* ciphers = network_phy_list_ciphers(phy);
++ if (ciphers && *ciphers) {
++ printf("%s\n", ciphers);
++ free(ciphers);
++ }
++
++END:
++ network_phy_unref(phy);
++ network_unref(ctx);
++ return r;
++}
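Review bot: On the `argc < 2` path, `goto END` reaches `network_phy_unref(phy)` and `network_unref(ctx)` while both pointers are still NULL, and whether those functions accept NULL is not visible in this patch. The branch could simply `return 2;`, as the `network_new()` failure path already returns directly. Separately, `free(ciphers)` sits inside `if (ciphers && *ciphers)`, so a non-NULL empty string would not be freed; calling `free(ciphers);` after the block is safe because `free(NULL)` is a no-op. The message `"No enough arguments\n"` should read `"Not enough arguments\n"`.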
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,26 @@
+From 27380e6e6343faa0b2c1a87234ecf21ecc6f0840 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 12:47:32 +0100
+Subject: [PATCH 033/304] hostapd: Enable WPA authentication with SHA256
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 6111457..79fb4db 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -413,7 +413,7 @@ hostapd_config_write() {
+ print "# Encryption settings"
+ print "wpa=${encryption_mode}"
+ print "wpa_passphrase=${key}"
+- print "wpa_key_mgmt=WPA-PSK"
++ print "wpa_key_mgmt=WPA-PSK-SHA256 WPA-PSK"
+ print "wpa_pairwise=${pairwise_ciphers[*]}"
+ print "rsn_pairwise=${pairwise_ciphers[*]}"
+ print "group_cipher=${group_ciphers[*]}"
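Review bot: The new `wpa_key_mgmt=WPA-PSK-SHA256 WPA-PSK` line carries no comment saying when the SHA256 variant is expected to be used. That AKM was introduced together with 802.11w management frame protection, and patch 034 on this page keeps `DEFAULT_MFP="off"`, so with default settings stations will probably still negotiate plain WPA-PSK; this should be confirmed against how `hostapd_config_write` emits the MFP setting, which is outside this hunk. I would add a comment above the line such as `# Offer SHA256-based key management (used by MFP-capable clients); keep WPA-PSK for all others`.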
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,98 @@
+From 4637109c42417e34c02631cd8391bccc7f2733cb Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 13:03:59 +0100
+Subject: [PATCH 034/304] hooks: Automatically set defaults for all port hooks
+
+Before, this was broken so that all configuration parameters
+had to be passed all the time.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hook | 5 ++---
+ src/header-port | 4 ++++
+ src/hooks/ports/bonding | 5 ++---
+ src/hooks/ports/wireless-ap | 15 +++++----------
+ 4 files changed, 13 insertions(+), 16 deletions(-)
+
+diff --git a/src/functions/functions.hook b/src/functions/functions.hook
+index 2f3ced0..c0ebfcb 100644
+--- a/src/functions/functions.hook
++++ b/src/functions/functions.hook
+@@ -130,9 +130,8 @@ hook_set_defaults() {
+ for setting in ${HOOK_SETTINGS}; do
+ local default="DEFAULT_${setting}"
+
+- if isset ${default}; then
+- assign "${setting}" "${!default}"
+- fi
++ # Sets the default or empty
++ assign "${setting}" "${!default}"
+ done
+ }
+
+diff --git a/src/header-port b/src/header-port
+index ce1c192..141228a 100644
+--- a/src/header-port
++++ b/src/header-port
+@@ -44,6 +44,10 @@ hook_hotplug_rename() {
+
+ hook_default_new() {
+ local ${HOOK_SETTINGS}
++
++ # Import all default variables
++ hook_set_defaults
++
+ if ! hook_parse_cmdline "$@"; then
+ return ${EXIT_ERROR}
+ fi
+diff --git a/src/hooks/ports/bonding b/src/hooks/ports/bonding
+index 40d849f..f0572c3 100644
+--- a/src/hooks/ports/bonding
++++ b/src/hooks/ports/bonding
+@@ -23,9 +23,8 @@
+
+ HOOK_SETTINGS="ADDRESS MIIMON MODE OFFLOADING SLAVES"
+
+-SLAVES=""
+-MIIMON=100
+-MODE="balance-rr"
++DEFAULT_MIIMON=100
++DEFAULT_MODE="balance-rr"
+
+ hook_check_settings() {
+ assert isset ADDRESS
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 7073cbc..2bb4977 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -27,22 +27,17 @@ HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
+ HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
+ HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
+
+-ADDRESS=$(mac_generate)
+-BROADCAST_SSID=on
+-CHANNEL=
+-CHANNEL_BANDWIDTH=
+-ENCRYPTION=""
+-KEY=""
+-SSID=
++# Broadcast SSID by default
++DEFAULT_BROADCAST_SSID="on"
+
+ # Perform radar detection by default when possible
+-DFS="on"
++DEFAULT_DFS="on"
+
+ # 802.11w - Management Frame Protection
+ # Disable by default because many clients cannot connect when enabled
+-MFP="off"
++DEFAULT_MFP="off"
+
+-ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
++DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
+
+ hook_check_settings() {
+ assert isset ADDRESS
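Review bot: Dropping `ADDRESS=$(mac_generate)` leaves ADDRESS without any default, while `hook_check_settings` directly below still starts with `assert isset ADDRESS`. With the first hunk of this patch, `hook_set_defaults` assigns an empty value to every setting that has no `DEFAULT_*` variable, so a wireless-ap port created without an explicit address would fail that assertion unless this hook's `hook_parse_cmdline`, which is outside the hunk, generates one. If it does not, a fallback at the end of that function along the lines of `isset ADDRESS || ADDRESS="$(mac_generate)"`, as the bridge zone hook does on this page, would restore the old behaviour.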
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,176 @@
+From 53e764a73d5a04f653a4fda3c7f8810e8de13ed8 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 13:10:58 +0100
+Subject: [PATCH 035/304] hooks: Import zone default settings, too
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/header-zone | 5 +++++
+ src/hooks/zones/bridge | 11 ++---------
+ src/hooks/zones/ip-tunnel | 8 +-------
+ src/hooks/zones/modem | 12 +-----------
+ src/hooks/zones/pppoe | 20 ++------------------
+ 5 files changed, 11 insertions(+), 45 deletions(-)
+
+diff --git a/src/header-zone b/src/header-zone
+index ead4a32..7ad3e39 100644
+--- a/src/header-zone
++++ b/src/header-zone
+@@ -34,6 +34,11 @@ hook_new() {
+ assert isset zone
+ shift
+
++ local ${HOOK_SETTINGS}
++
++ # Import all default variables
++ hook_set_defaults
++
+ if ! hook_parse_cmdline "$@"; then
+ return ${EXIT_ERROR}
+ fi
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index 93a3a31..33d5811 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -29,6 +29,7 @@ HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MTU"
+ HOOK_PORT_SETTINGS="COST PRIORITY"
+
+ # Default values
++DEFAULT_STP="on"
+ DEFAULT_STP_FORWARD_DELAY=0
+ DEFAULT_STP_HELLO=2
+ DEFAULT_STP_MAXAGE=20
+@@ -123,19 +124,11 @@ hook_parse_cmdline() {
+ shift
+ done
+
+- # Generate a random MAC address if the user passed no one
++ # Generate a random MAC address if the user passed none
+ if ! isset ADDRESS; then
+ ADDRESS="$(mac_generate)"
+ fi
+
+- # Enable Spanning Tree Protocol by default
+- if ! isset STP; then
+- STP="on"
+- fi
+-
+- # Set all other defaults
+- hook_set_defaults
+-
+ return ${EXIT_OK}
+ }
+
+diff --git a/src/hooks/zones/ip-tunnel b/src/hooks/zones/ip-tunnel
+index c9c73ba..e4be361 100644
+--- a/src/hooks/zones/ip-tunnel
++++ b/src/hooks/zones/ip-tunnel
+@@ -26,13 +26,7 @@ SUPPORTED_IP_TUNNEL_MODES="gre vti"
+ HOOK_SETTINGS="HOOK MARK MODE PEER LOCAL_ADDRESS"
+
+ # Default mode of the tunnel
+-MODE="gre"
+-
+-# The IP address of the tunnel endpoint where to connect to
+-PEER=
+-
+-# The local IP address of the tunnel endpoint
+-LOCAL_ADDRESS=
++DEFAULT_MODE="gre"
+
+ hook_check_settings() {
+ assert isset MODE && assert isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}
+diff --git a/src/hooks/zones/modem b/src/hooks/zones/modem
+index 1b4c3c0..50d43c7 100644
+--- a/src/hooks/zones/modem
++++ b/src/hooks/zones/modem
+@@ -27,47 +27,37 @@ MODEM_ALLOWED_AUTH_METHODS="${PPP_ALLOWED_AUTH_METHODS}"
+ HOOK_SETTINGS="HOOK"
+
+ # Access Point Name.
+-APN=
+ HOOK_SETTINGS="${HOOK_SETTINGS} APN"
+
+ # Sets the authentication algortihm that must be used.
+-AUTH=
+ HOOK_SETTINGS="${HOOK_SETTINGS} AUTH"
+
+ # Baudrate.
+-BAUDRATE=921600
++DEFAULT_BAUDRATE=921600
+ HOOK_SETTINGS="${HOOK_SETTINGS} BAUDRATE"
+
+ # The device name of the serial device.
+ # XXX how can we make sure that this does not change all the time?
+-DEVICE=
+ HOOK_SETTINGS="${HOOK_SETTINGS} DEVICE"
+
+ # A monitor device.
+ # Send AT commands to this device, when the primary device is
+ # connected.
+-MONITOR_DEVICE=
+ HOOK_SETTINGS="${HOOK_SETTINGS} MONITOR_DEVICE"
+
+ # Maximum transmission unit.
+-MTU=
+ HOOK_SETTINGS="${HOOK_SETTINGS} MTU"
+
+ # User credentials.
+-USERNAME=
+-PASSWORD=
+ HOOK_SETTINGS="${HOOK_SETTINGS} USERNAME PASSWORD"
+
+ # PIN code.
+-PIN=
+ HOOK_SETTINGS="${HOOK_SETTINGS} PIN"
+
+ # Phone number.
+-PHONE_NUMBER=
+ HOOK_SETTINGS="${HOOK_SETTINGS} PHONE_NUMBER"
+
+ # IMSI
+-IMSI=
+ HOOK_SETTINGS="${HOOK_SETTINGS} IMSI"
+
+ hook_check_settings() {
+diff --git a/src/hooks/zones/pppoe b/src/hooks/zones/pppoe
+index e113c92..cd3913b 100644
+--- a/src/hooks/zones/pppoe
++++ b/src/hooks/zones/pppoe
+@@ -24,31 +24,15 @@
+ HOOK_SETTINGS="HOOK ACCESS_CONCENTRATOR AUTH USERNAME PASSWORD"
+ HOOK_SETTINGS="${HOOK_SETTINGS} SERVICE_NAME MTU IPV6 PREFIX_DELEGATION"
+
+-# User credentials for the dialin.
+-USERNAME=""
+-PASSWORD=""
+-
+-# Set the authentication mechanism.
+-AUTH=
+-
+-# Access Concentrator.
+-ACCESS_CONCENTRATOR=""
+-
+-# Service name.
+-SERVICE_NAME=""
+-
+-# Maximum Transmission Unit.
+-MTU=
+-
+ # This hook can work with all authentication methods supported by pppd.
+ PPPOE_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"
+ PPPOE_PLUGIN="rp-pppoe.so"
+
+ # Request an IPv6 address.
+-IPV6="true"
++DEFAULT_IPV6="true"
+
+ # Use IPv6 prefix delegation.
+-PREFIX_DELEGATION="true"
++DEFAULT_PREFIX_DELEGATION="true"
+
+ hook_check_settings() {
+ assert isset USERNAME
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,628 @@
+From d389e96b6c0a73fefd907bc99401b4ce4021bf97 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 13:49:08 +0100
+Subject: [PATCH 036/304] Convert HOOK_SETTINGS into an array
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hook | 2 +-
+ src/functions/functions.ports | 4 +--
+ src/functions/functions.zone | 6 ++---
+ src/header-port | 10 ++++----
+ src/header-zone | 2 +-
+ src/hooks/ports/bonding | 20 +++++++++------
+ src/hooks/ports/dummy | 10 +++++---
+ src/hooks/ports/ethernet | 19 +++++++++------
+ src/hooks/ports/ip-tunnel | 16 ++++++++----
+ src/hooks/ports/vlan | 14 +++++++----
+ src/hooks/ports/wireless-ap | 19 ++++++++++++---
+ src/hooks/ports/wireless-mesh | 12 ++++++---
+ src/hooks/zones/bridge | 17 ++++++++++---
+ src/hooks/zones/ip-tunnel | 7 +++++-
+ src/hooks/zones/modem | 46 ++++++++++-------------------------
+ src/hooks/zones/pppoe | 12 +++++++--
+ src/hooks/zones/wireless | 5 +++-
+ 17 files changed, 132 insertions(+), 89 deletions(-)
+
+diff --git a/src/functions/functions.hook b/src/functions/functions.hook
+index c0ebfcb..fb68037 100644
+--- a/src/functions/functions.hook
++++ b/src/functions/functions.hook
+@@ -127,7 +127,7 @@ hook_help() {
+ # Sets all settings in HOOK_SETTINGS to their DEFAULT_* values
+ hook_set_defaults() {
+ local setting
+- for setting in ${HOOK_SETTINGS}; do
++ for setting in ${HOOK_SETTINGS[*]}; do
+ local default="DEFAULT_${setting}"
+
+ # Sets the default or empty
+diff --git a/src/functions/functions.ports b/src/functions/functions.ports
+index f70adf6..fb22715 100644
+--- a/src/functions/functions.ports
++++ b/src/functions/functions.ports
+@@ -85,7 +85,7 @@ port_settings_read() {
+ # Save the HOOK variable.
+ local hook="${HOOK}"
+
+- settings_read "$(port_file "${port}")" ${HOOK_SETTINGS}
++ settings_read "$(port_file "${port}")" ${HOOK_SETTINGS[*]}
+
+ # Restore hook.
+ HOOK="${hook}"
+@@ -100,7 +100,7 @@ port_settings_write() {
+ if function_exists "hook_check_settings"; then
+ list_append args "--check=\"hook_check_settings\""
+ fi
+- list_append args HOOK ${HOOK_SETTINGS}
++ list_append args HOOK ${HOOK_SETTINGS[*]}
+
+ settings_write "$(port_file "${port}")" ${args}
+ }
+diff --git a/src/functions/functions.zone b/src/functions/functions.zone
+index 57e0b71..a0d3cfb 100644
+--- a/src/functions/functions.zone
++++ b/src/functions/functions.zone
+@@ -1248,8 +1248,8 @@ zone_settings_read() {
+ shift
+
+ local args
+- if [ $# -eq 0 ] && [ -n "${HOOK_SETTINGS}" ]; then
+- list_append args ${HOOK_SETTINGS}
++ if [ $# -eq 0 ] && [ -n "${HOOK_SETTINGS[*]}" ]; then
++ list_append args ${HOOK_SETTINGS[*]}
+ else
+ list_append args "$@"
+ fi
+@@ -1271,7 +1271,7 @@ zone_settings_write() {
+ if function_exists "hook_check_settings"; then
+ list_append args "--check=\"hook_check_settings\""
+ fi
+- list_append args ${HOOK_SETTINGS}
++ list_append args HOOK ${HOOK_SETTINGS[*]}
+
+ settings_write "${NETWORK_ZONES_DIR}/${zone}/settings" ${args}
+ }
+diff --git a/src/header-port b/src/header-port
+index 141228a..2d8a820 100644
+--- a/src/header-port
++++ b/src/header-port
+@@ -43,7 +43,7 @@ hook_hotplug_rename() {
+ }
+
+ hook_default_new() {
+- local ${HOOK_SETTINGS}
++ local ${HOOK_SETTINGS[*]}
+
+ # Import all default variables
+ hook_set_defaults
+@@ -57,7 +57,7 @@ hook_default_new() {
+ local port=$(port_find_free ${HOOK_PORT_PATTERN})
+ assert isset port
+
+- port_settings_write "${port}" ${HOOK_SETTINGS}
++ port_settings_write "${port}" ${HOOK_SETTINGS[*]}
+
+ exit ${EXIT_OK}
+ }
+@@ -72,7 +72,7 @@ hook_default_edit() {
+ shift
+
+ # Read settings
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS}; then
++ if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
+ error "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -83,7 +83,7 @@ hook_default_edit() {
+ fi
+
+ # Save settings
+- if ! port_settings_write "${port}" ${HOOK_SETTINGS}; then
++ if ! port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
+ error "Could not write settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -102,7 +102,7 @@ hook_edit() {
+ hook_children() {
+ local port="${1}"
+
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS}; then
++ if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
+ log ERROR "Could not read port settings: ${port}"
+ return ${EXIT_OK}
+ fi
+diff --git a/src/header-zone b/src/header-zone
+index 7ad3e39..2174b01 100644
+--- a/src/header-zone
++++ b/src/header-zone
+@@ -34,7 +34,7 @@ hook_new() {
+ assert isset zone
+ shift
+
+- local ${HOOK_SETTINGS}
++ local ${HOOK_SETTINGS[*]}
+
+ # Import all default variables
+ hook_set_defaults
+diff --git a/src/hooks/ports/bonding b/src/hooks/ports/bonding
+index f0572c3..09fb74f 100644
+--- a/src/hooks/ports/bonding
++++ b/src/hooks/ports/bonding
+@@ -21,7 +21,13 @@
+
+ . /usr/lib/network/header-port
+
+-HOOK_SETTINGS="ADDRESS MIIMON MODE OFFLOADING SLAVES"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "MIIMON"
++ "MODE"
++ "OFFLOADING"
++ "SLAVES"
++)
+
+ DEFAULT_MIIMON=100
+ DEFAULT_MODE="balance-rr"
+@@ -110,7 +116,7 @@ hook_new() {
+ assert isset port
+
+ # Save configuration
+- if port_settings_write "${port}" ${HOOK_SETTINGS}; then
++ if port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
+ log INFO "New port ${port} has been created"
+ else
+ error "Could not save configuration for ${port}"
+@@ -162,7 +168,7 @@ hook_create() {
+ # Exit silently if the device already exists
+ device_exists "${port}" && exit ${EXIT_OK}
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Create the bonding devices
+ bonding_create "${port}" \
+@@ -178,7 +184,7 @@ hook_remove() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Remove the bonding device
+ if device_exists "${port}"; then
+@@ -190,7 +196,7 @@ hook_up() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Auto-enable or disable hardware offloading
+ if ! isset OFFLOADING || enabled OFFLOADING; then
+@@ -213,7 +219,7 @@ hook_down() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Bring down all slaves
+ local slave
+@@ -234,7 +240,7 @@ hook_hotplug() {
+ # Handle events of the same interface
+ if hotplug_event_port_is_interface "${port}"; then
+ # Read configuration
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Bring up all slaves
+ # Attach those which already exist and try to create
+diff --git a/src/hooks/ports/dummy b/src/hooks/ports/dummy
+index 61d2f94..1c4b3c9 100644
+--- a/src/hooks/ports/dummy
++++ b/src/hooks/ports/dummy
+@@ -21,7 +21,9 @@
+
+ . /usr/lib/network/header-port
+
+-HOOK_SETTINGS="ADDRESS"
++HOOK_SETTINGS=(
++ "ADDRESS"
++)
+
+ hook_check_settings() {
+ assert ismac ADDRESS
+@@ -60,7 +62,7 @@ hook_new() {
+ local port=$(port_find_free ${DUMMY_PORT_PATTERN})
+ assert isset port
+
+- if port_settings_write "${port}" ${HOOK_SETTINGS}; then
++ if port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
+ log INFO "New dummy port '${port}' has been created"
+ fi
+
+@@ -72,7 +74,7 @@ hook_create() {
+ assert isset port
+
+ # Read configuration
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Create the dummy device
+ dummy_create "${port}" "${ADDRESS}"
+@@ -115,7 +117,7 @@ hook_hotplug_rename() {
+ local device=${2}
+ assert isset device
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ if [ "${ADDRESS}" = "$(device_get_address ${device})" ]; then
+ log DEBUG "Device '${device}' equals port '${port}'."
+diff --git a/src/hooks/ports/ethernet b/src/hooks/ports/ethernet
+index 0d9c5cd..f3e3f9f 100644
+--- a/src/hooks/ports/ethernet
++++ b/src/hooks/ports/ethernet
+@@ -21,10 +21,13 @@
+
+ . /usr/lib/network/header-port
+
+-# DEVICE equals the actual MAC address of the device.
+-# If ADDRESS is set, the device will get ADDRESS set for its MAC address.
+-
+-HOOK_SETTINGS="ADDRESS ADVERTISED_LINK_SPEEDS DEVICE OFFLOADING MTU"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "ADVERTISED_LINK_SPEEDS"
++ "DEVICE"
++ "OFFLOADING"
++ "MTU"
++)
+
+ hook_check_settings() {
+ assert ismac DEVICE
+@@ -114,7 +117,7 @@ hook_new() {
+
+ local DEVICE="$(device_get_address "${device}")"
+
+- if ! port_settings_write "${port}" ${HOOK_SETTINGS}; then
++ if ! port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
+ log ERROR "Could not write settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -129,8 +132,8 @@ hook_create() {
+ hook_up() {
+ local port="${1}"
+
+- local ${HOOK_SETTINGS}
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS}; then
++ local ${HOOK_SETTINGS[*]}
++ if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
+ log ERROR "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -177,7 +180,7 @@ hook_hotplug_rename() {
+ assert isset device
+
+ # Read in the conifguration file.
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Get the current MAC address of the device.
+ local address=$(device_get_address ${device})
+diff --git a/src/hooks/ports/ip-tunnel b/src/hooks/ports/ip-tunnel
+index 3943e4c..b426963 100644
+--- a/src/hooks/ports/ip-tunnel
++++ b/src/hooks/ports/ip-tunnel
+@@ -23,7 +23,13 @@
+
+ SUPPORTED_IP_TUNNEL_MODES="gretap"
+
+-HOOK_SETTINGS="ADDRESS MARK MODE PEER LOCAL_ADDRESS"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "MARK"
++ "MODE"
++ "PEER"
++ "LOCAL_ADDRESS"
++)
+
+ hook_check_settings() {
+ assert isset MODE
+@@ -108,8 +114,8 @@ hook_create() {
+ local port="${1}"
+ assert isset port
+
+- local ${HOOK_SETTINGS}
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS}; then
++ local ${HOOK_SETTINGS[*]}
++ if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
+ log ERROR "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -146,8 +152,8 @@ hook_hotplug_rename() {
+ local device="${2}"
+ assert isset device
+
+- local ${HOOK_SETTINGS}
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS}; then
++ local ${HOOK_SETTINGS[*]}
++ if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
+ log ERROR "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index bc12a9e..e9aa545 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -21,7 +21,11 @@
+
+ . /usr/lib/network/header-port
+
+-HOOK_SETTINGS="ADDRESS PARENT_DEVICE TAG"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "PARENT_DEVICE"
++ "TAG"
++)
+
+ PORT_PARENTS_VAR="PARENT"
+
+@@ -68,7 +72,7 @@ hook_new() {
+
+ local port="${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
+
+- port_settings_write "${port}" ${HOOK_SETTINGS}
++ port_settings_write "${port}" ${HOOK_SETTINGS[*]}
+
+ exit ${EXIT_OK}
+ }
+@@ -78,7 +82,7 @@ hook_edit() {
+ assert isset port
+ shift
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+@@ -92,7 +96,7 @@ hook_edit() {
+ shift
+ done
+
+- port_settings_write "${port}" ${HOOK_SETTINGS}
++ port_settings_write "${port}" ${HOOK_SETTINGS[*]}
+
+ exit ${EXIT_OK}
+ }
+@@ -104,7 +108,7 @@ hook_create() {
+ device_exists "${port}" && exit ${EXIT_OK}
+
+ # Read configruation
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Create the VLAN device
+ vlan_create "${port}" "${PARENT_DEVICE}" "${TAG}" "${ADDRESS}"
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 2bb4977..8d495d2 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -23,9 +23,20 @@
+
+ HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
+
+-HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
+-HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
+-HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "BROADCAST_SSID"
++ "CHANNEL"
++ "CHANNEL_BANDWIDTH"
++ "DFS"
++ "ENCRYPTION"
++ "ENVIRONMENT"
++ "KEY"
++ "MFP"
++ "MODE"
++ "PHY"
++ "SSID"
++)
+
+ # Broadcast SSID by default
+ DEFAULT_BROADCAST_SSID="on"
+@@ -186,7 +197,7 @@ hook_create() {
+
+ device_exists "${port}" && exit ${EXIT_OK}
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Check if the PHY is present.
+ local phy=$(phy_get ${PHY})
+diff --git a/src/hooks/ports/wireless-mesh b/src/hooks/ports/wireless-mesh
+index 4fb4dc9..306263d 100644
+--- a/src/hooks/ports/wireless-mesh
++++ b/src/hooks/ports/wireless-mesh
+@@ -23,7 +23,13 @@
+
+ HOOK_PORT_PATTERN="${PORT_PATTERN_MESH}"
+
+-HOOK_SETTINGS="ADDRESS MESH_ID CHANNEL PHY PSK"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "CHANNEL"
++ "MESH_ID"
++ "PHY"
++ "PSK"
++)
+
+ hook_check_settings() {
+ assert ismac ADDRESS
+@@ -84,7 +90,7 @@ hook_create() {
+ assert isset port
+
+ # Read settings
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ # Check if the PHY is present.
+ local phy="$(phy_get "${PHY}")"
+@@ -143,7 +149,7 @@ hook_hotplug() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS}
++ port_settings_read "${port}" ${HOOK_SETTINGS[*]}
+
+ case "$(hotplug_action)" in
+ add)
+diff --git a/src/hooks/zones/bridge b/src/hooks/zones/bridge
+index 33d5811..0b18331 100644
+--- a/src/hooks/zones/bridge
++++ b/src/hooks/zones/bridge
+@@ -23,10 +23,19 @@
+
+ HOOK_MANPAGE="network-zone-bridge"
+
+-HOOK_SETTINGS="HOOK ADDRESS STP STP_FORWARD_DELAY STP_HELLO STP_MAXAGE"
+-HOOK_SETTINGS="${HOOK_SETTINGS} STP_PRIORITY MTU"
+-
+-HOOK_PORT_SETTINGS="COST PRIORITY"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "STP"
++ "STP_FORWARD_DELAY"
++ "STP_HELLO STP_MAXAGE"
++ "STP_PRIORITY"
++ "MTU"
++)
++
++HOOK_PORT_SETTINGS=(
++ "COST"
++ "PRIORITY"
++)
+
+ # Default values
+ DEFAULT_STP="on"
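Review bot: The element `"STP_HELLO STP_MAXAGE"` in the new `HOOK_SETTINGS` array is a single entry holding two setting names; it should be two elements, `"STP_HELLO"` and `"STP_MAXAGE"`. It only works because every consumer visible on this page expands the array unquoted as `${HOOK_SETTINGS[*]}`, so word splitting separates the names again. A later switch to `"${HOOK_SETTINGS[@]}"`, or a loop over the elements, would see one invalid variable name, and both STP timers would silently stop being read or written.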
+diff --git a/src/hooks/zones/ip-tunnel b/src/hooks/zones/ip-tunnel
+index e4be361..634154e 100644
+--- a/src/hooks/zones/ip-tunnel
++++ b/src/hooks/zones/ip-tunnel
+@@ -23,7 +23,12 @@
+
+ SUPPORTED_IP_TUNNEL_MODES="gre vti"
+
+-HOOK_SETTINGS="HOOK MARK MODE PEER LOCAL_ADDRESS"
++HOOK_SETTINGS=(
++ "MARK"
++ "MODE"
++ "PEER"
++ "LOCAL_ADDRESS"
++)
+
+ # Default mode of the tunnel
+ DEFAULT_MODE="gre"
+diff --git a/src/hooks/zones/modem b/src/hooks/zones/modem
+index 50d43c7..e12b104 100644
+--- a/src/hooks/zones/modem
++++ b/src/hooks/zones/modem
+@@ -24,41 +24,21 @@
+ # Modems support all authentication methods, that pppd does support.
+ MODEM_ALLOWED_AUTH_METHODS="${PPP_ALLOWED_AUTH_METHODS}"
+
+-HOOK_SETTINGS="HOOK"
++HOOK_SETTINGS=(
++ "APN"
++ "AUTH"
++ "BAUDRATE"
++ "DEVICE"
++ "MONITOR_DEVICE"
++ "MTU"
++ "USERNAME"
++ "PASSWORD"
++ "PIN"
++ "PHONE_NUMBER"
++ "IMSI"
++)
+
+-# Access Point Name.
+-HOOK_SETTINGS="${HOOK_SETTINGS} APN"
+-
+-# Sets the authentication algortihm that must be used.
+-HOOK_SETTINGS="${HOOK_SETTINGS} AUTH"
+-
+-# Baudrate.
+ DEFAULT_BAUDRATE=921600
+-HOOK_SETTINGS="${HOOK_SETTINGS} BAUDRATE"
+-
+-# The device name of the serial device.
+-# XXX how can we make sure that this does not change all the time?
+-HOOK_SETTINGS="${HOOK_SETTINGS} DEVICE"
+-
+-# A monitor device.
+-# Send AT commands to this device, when the primary device is
+-# connected.
+-HOOK_SETTINGS="${HOOK_SETTINGS} MONITOR_DEVICE"
+-
+-# Maximum transmission unit.
+-HOOK_SETTINGS="${HOOK_SETTINGS} MTU"
+-
+-# User credentials.
+-HOOK_SETTINGS="${HOOK_SETTINGS} USERNAME PASSWORD"
+-
+-# PIN code.
+-HOOK_SETTINGS="${HOOK_SETTINGS} PIN"
+-
+-# Phone number.
+-HOOK_SETTINGS="${HOOK_SETTINGS} PHONE_NUMBER"
+-
+-# IMSI
+-HOOK_SETTINGS="${HOOK_SETTINGS} IMSI"
+
+ hook_check_settings() {
+ assert isset DEVICE
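Review bot: The per-setting comments deleted with the old `HOOK_SETTINGS="${HOOK_SETTINGS} …"` lines are not carried into the new array, including the open question on `DEVICE` (`# XXX how can we make sure that this does not change all the time?`). Bash allows comment lines between array elements, so the short descriptions can stay next to the names, e.g. `# The device name of the serial device.` directly above `"DEVICE"`. The list also holds `PASSWORD` and `PIN`; a comment marking those two as secrets would help whoever later touches the code that stores or logs these settings.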
+diff --git a/src/hooks/zones/pppoe b/src/hooks/zones/pppoe
+index cd3913b..4f7ae51 100644
+--- a/src/hooks/zones/pppoe
++++ b/src/hooks/zones/pppoe
+@@ -21,8 +21,16 @@
+
+ . /usr/lib/network/header-zone
+
+-HOOK_SETTINGS="HOOK ACCESS_CONCENTRATOR AUTH USERNAME PASSWORD"
+-HOOK_SETTINGS="${HOOK_SETTINGS} SERVICE_NAME MTU IPV6 PREFIX_DELEGATION"
++HOOK_SETTINGS=(
++ "ACCESS_CONCENTRATOR"
++ "AUTH"
++ "USERNAME"
++ "PASSWORD"
++ "SERVICE_NAME"
++ "MTU"
++ "IPV6"
++ "PREFIX_DELEGATION"
++)
+
+ # This hook can work with all authentication methods supported by pppd.
+ PPPOE_SUPPORTED_AUTH_METHODS="${PPP_SUPPORTED_AUTH_METHODS}"
+diff --git a/src/hooks/zones/wireless b/src/hooks/zones/wireless
+index 553d917..9c52dce 100644
+--- a/src/hooks/zones/wireless
++++ b/src/hooks/zones/wireless
+@@ -21,7 +21,10 @@
+
+ . /usr/lib/network/header-zone
+
+-HOOK_SETTINGS="HOOK ADDRESS PHY"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "PHY"
++)
+
+ hook_check_settings() {
+ assert ismac ADDRESS
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,133 @@
+From 227d458f4fac10cbf0970515edd3227913fc1bf4 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 14:04:35 +0100
+Subject: [PATCH 037/304] settings: Some code refactoring
+
+No functional changes
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hook | 13 +++++++++++++
+ src/functions/functions.ports | 10 ++--------
+ src/functions/functions.zone | 32 ++++++++------------------------
+ 3 files changed, 23 insertions(+), 32 deletions(-)
+
+diff --git a/src/functions/functions.hook b/src/functions/functions.hook
+index fb68037..11887cd 100644
+--- a/src/functions/functions.hook
++++ b/src/functions/functions.hook
+@@ -124,6 +124,19 @@ hook_help() {
+ exit $?
+ }
+
++# Dummy functions being overlayed by hooks
++hook_check_settings() {
++ :
++}
++
++hook_check_config_settings() {
++ :
++}
++
++hook_check_port_settings() {
++ :
++}
++
+ # Sets all settings in HOOK_SETTINGS to their DEFAULT_* values
+ hook_set_defaults() {
+ local setting
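Review bot: The three no-op defaults added here make validation fail open: a hook that does not define its own `hook_check_settings` now passes the unconditional `--check="hook_check_settings"` step with nothing checked, and nothing records that. The comment should say so, e.g. `# No-op defaults: a hook that does not override these writes its settings unvalidated`. The override also only works when the hook defines its function after this file has been sourced; the hooks visible on this page source their header first, but that ordering requirement is worth stating in the comment too.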
+diff --git a/src/functions/functions.ports b/src/functions/functions.ports
+index fb22715..d8a9140 100644
+--- a/src/functions/functions.ports
++++ b/src/functions/functions.ports
+@@ -94,15 +94,9 @@ port_settings_read() {
+ port_settings_write() {
+ local port="${1}"
+ assert isset port
+- shift
+-
+- local args
+- if function_exists "hook_check_settings"; then
+- list_append args "--check=\"hook_check_settings\""
+- fi
+- list_append args HOOK ${HOOK_SETTINGS[*]}
+
+- settings_write "$(port_file "${port}")" ${args}
++ settings_write "$(port_file "${port}")" \
++ --check="hook_check_settings" HOOK ${HOOK_SETTINGS[*]}
+ }
+
+ port_file() {
+diff --git a/src/functions/functions.zone b/src/functions/functions.zone
+index a0d3cfb..e81371b 100644
+--- a/src/functions/functions.zone
++++ b/src/functions/functions.zone
+@@ -1267,13 +1267,8 @@ zone_settings_write() {
+ local zone="${1}"
+ assert isset zone
+
+- local args
+- if function_exists "hook_check_settings"; then
+- list_append args "--check=\"hook_check_settings\""
+- fi
+- list_append args HOOK ${HOOK_SETTINGS[*]}
+-
+- settings_write "${NETWORK_ZONES_DIR}/${zone}/settings" ${args}
++ settings_write "${NETWORK_ZONES_DIR}/${zone}/settings" \
++ --check="hook_check_settings" HOOK ${HOOK_SETTINGS[*]}
+ }
+
+ zone_settings_set() {
+@@ -1328,7 +1323,7 @@ zone_config_settings_read() {
+ }
+
+ zone_config_settings_write() {
+- assert [ $# -ge 2 ]
++ assert [ $# -eq 2 ]
+
+ local zone="${1}"
+ local hook="${2}"
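Review bot: Tightening `assert [ $# -ge 2 ]` to `assert [ $# -eq 2 ]` is a behaviour change in a commit described as "No functional changes": any caller that still passes setting names after the zone and hook will now trip the assertion instead of writing the file. The same change is made to `zone_port_settings_write` in the last hunk of this file. The callers are not part of this patch, so either they should be updated in the same commit or the assertion should stay at `-ge 2` until they are. The function body continues outside the hunk.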
+@@ -1336,14 +1331,9 @@ zone_config_settings_write() {
+
+ assert isset id
+
+- local args
+- if function_exists "hook_check_config_settings"; then
+- list_append args "--check=\"hook_check_config_settings\""
+- fi
+- list_append args ${HOOK_CONFIG_SETTINGS}
+-
+ local path="${NETWORK_ZONES_DIR}/${zone}/configs/${hook}.${id}"
+- settings_write "${path}" ${args}
++ settings_write "${path}" \
++ --check="hook_check_config_settings" ${HOOK_CONFIG_SETTINGS[*]}
+ }
+
+ zone_config_settings_destroy() {
+@@ -1416,20 +1406,14 @@ zone_port_settings_read() {
+ }
+
+ zone_port_settings_write() {
+- assert [ $# -ge 2 ]
++ assert [ $# -eq 2 ]
+
+ local zone="${1}"
+ local port="${2}"
+- shift 2
+-
+- local args
+- if function_exists "hook_check_port_settings"; then
+- list_append args "--check=\"hook_check_port_settings\""
+- fi
+- list_append args ${HOOK_PORT_SETTINGS}
+
+ local path="${NETWORK_ZONES_DIR}/${zone}/ports/${port}"
+- settings_write "${path}" ${args}
++ settings_write "${path}" \
++ --check="hook_check_port_settings" ${HOOK_PORT_SETTINGS[*]}
+ }
+
+ zone_port_settings_remove() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,239 @@
+From eba9fa9c0b647552d8a43fb6ff5ab00c2ab21402 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 14:14:56 +0100
+Subject: [PATCH 038/304] ports: Drop HOOK_SETTINGS variable
+
+This does not need to be passed to the port_settings_* functions
+any more which makes them more easy to use
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/bonding | 12 ++++++------
+ src/hooks/ports/dummy | 6 +++---
+ src/hooks/ports/ethernet | 6 +++---
+ src/hooks/ports/ip-tunnel | 4 ++--
+ src/hooks/ports/vlan | 8 ++++----
+ src/hooks/ports/wireless-ap | 2 +-
+ src/hooks/ports/wireless-mesh | 4 ++--
+ 7 files changed, 21 insertions(+), 21 deletions(-)
+
+diff --git a/src/hooks/ports/bonding b/src/hooks/ports/bonding
+index 09fb74f..a0cf5c0 100644
+--- a/src/hooks/ports/bonding
++++ b/src/hooks/ports/bonding
+@@ -116,7 +116,7 @@ hook_new() {
+ assert isset port
+
+ # Save configuration
+- if port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
++ if port_settings_write "${port}"; then
+ log INFO "New port ${port} has been created"
+ else
+ error "Could not save configuration for ${port}"
+@@ -168,7 +168,7 @@ hook_create() {
+ # Exit silently if the device already exists
+ device_exists "${port}" && exit ${EXIT_OK}
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Create the bonding devices
+ bonding_create "${port}" \
+@@ -184,7 +184,7 @@ hook_remove() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Remove the bonding device
+ if device_exists "${port}"; then
+@@ -196,7 +196,7 @@ hook_up() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Auto-enable or disable hardware offloading
+ if ! isset OFFLOADING || enabled OFFLOADING; then
+@@ -219,7 +219,7 @@ hook_down() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Bring down all slaves
+ local slave
+@@ -240,7 +240,7 @@ hook_hotplug() {
+ # Handle events of the same interface
+ if hotplug_event_port_is_interface "${port}"; then
+ # Read configuration
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Bring up all slaves
+ # Attach those which already exist and try to create
+diff --git a/src/hooks/ports/dummy b/src/hooks/ports/dummy
+index 1c4b3c9..387c88b 100644
+--- a/src/hooks/ports/dummy
++++ b/src/hooks/ports/dummy
+@@ -62,7 +62,7 @@ hook_new() {
+ local port=$(port_find_free ${DUMMY_PORT_PATTERN})
+ assert isset port
+
+- if port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
++ if port_settings_write "${port}"; then
+ log INFO "New dummy port '${port}' has been created"
+ fi
+
+@@ -74,7 +74,7 @@ hook_create() {
+ assert isset port
+
+ # Read configuration
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Create the dummy device
+ dummy_create "${port}" "${ADDRESS}"
+@@ -117,7 +117,7 @@ hook_hotplug_rename() {
+ local device=${2}
+ assert isset device
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ if [ "${ADDRESS}" = "$(device_get_address ${device})" ]; then
+ log DEBUG "Device '${device}' equals port '${port}'."
+diff --git a/src/hooks/ports/ethernet b/src/hooks/ports/ethernet
+index f3e3f9f..5f76e15 100644
+--- a/src/hooks/ports/ethernet
++++ b/src/hooks/ports/ethernet
+@@ -117,7 +117,7 @@ hook_new() {
+
+ local DEVICE="$(device_get_address "${device}")"
+
+- if ! port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
++ if ! port_settings_write "${port}"; then
+ log ERROR "Could not write settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -133,7 +133,7 @@ hook_up() {
+ local port="${1}"
+
+ local ${HOOK_SETTINGS[*]}
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
++ if ! port_settings_read "${port}"; then
+ log ERROR "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -180,7 +180,7 @@ hook_hotplug_rename() {
+ assert isset device
+
+ # Read in the conifguration file.
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Get the current MAC address of the device.
+ local address=$(device_get_address ${device})
+diff --git a/src/hooks/ports/ip-tunnel b/src/hooks/ports/ip-tunnel
+index b426963..fa7193c 100644
+--- a/src/hooks/ports/ip-tunnel
++++ b/src/hooks/ports/ip-tunnel
+@@ -115,7 +115,7 @@ hook_create() {
+ assert isset port
+
+ local ${HOOK_SETTINGS[*]}
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
++ if ! port_settings_read "${port}"; then
+ log ERROR "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+@@ -153,7 +153,7 @@ hook_hotplug_rename() {
+ assert isset device
+
+ local ${HOOK_SETTINGS[*]}
+- if ! port_settings_read "${port}" ${HOOK_SETTINGS[*]}; then
++ if ! port_settings_read "${port}"; then
+ log ERROR "Could not read settings for port ${port}"
+ return ${EXIT_ERROR}
+ fi
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index e9aa545..f511986 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -72,7 +72,7 @@ hook_new() {
+
+ local port="${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
+
+- port_settings_write "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_write "${port}"
+
+ exit ${EXIT_OK}
+ }
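Review bot: `port_settings_write "${port}"` in `hook_new` is followed directly by `exit ${EXIT_OK}`, so a failed write, and presumably a failed `hook_check_settings` validation, is reported as success; the `hook_edit` hunk below has the same pattern. The ethernet and bonding hooks in this patch test the return value, and the vlan hook should do the same, e.g. `port_settings_write "${port}" || exit ${EXIT_ERROR}`. `hook_new` starts outside the hunk.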
+@@ -82,7 +82,7 @@ hook_edit() {
+ assert isset port
+ shift
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+@@ -96,7 +96,7 @@ hook_edit() {
+ shift
+ done
+
+- port_settings_write "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_write "${port}"
+
+ exit ${EXIT_OK}
+ }
+@@ -108,7 +108,7 @@ hook_create() {
+ device_exists "${port}" && exit ${EXIT_OK}
+
+ # Read configruation
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Create the VLAN device
+ vlan_create "${port}" "${PARENT_DEVICE}" "${TAG}" "${ADDRESS}"
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 8d495d2..e393f5f 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -197,7 +197,7 @@ hook_create() {
+
+ device_exists "${port}" && exit ${EXIT_OK}
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Check if the PHY is present.
+ local phy=$(phy_get ${PHY})
+diff --git a/src/hooks/ports/wireless-mesh b/src/hooks/ports/wireless-mesh
+index 306263d..35f0950 100644
+--- a/src/hooks/ports/wireless-mesh
++++ b/src/hooks/ports/wireless-mesh
+@@ -90,7 +90,7 @@ hook_create() {
+ assert isset port
+
+ # Read settings
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ # Check if the PHY is present.
+ local phy="$(phy_get "${PHY}")"
+@@ -149,7 +149,7 @@ hook_hotplug() {
+ local port="${1}"
+ assert isset port
+
+- port_settings_read "${port}" ${HOOK_SETTINGS[*]}
++ port_settings_read "${port}"
+
+ case "$(hotplug_action)" in
+ add)
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,162 @@
+From 12f9c8d2550c8fcab536bb8b971caddfa8ee0c80 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 14:58:12 +0100
+Subject: [PATCH 039/304] hotplug: Remove multiple copies of the same function
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/header-port | 26 ++++++++++++++++++++++++++
+ src/hooks/ports/dummy | 36 +-----------------------------------
+ src/hooks/ports/ethernet | 22 +---------------------
+ src/hooks/ports/ip-tunnel | 23 +----------------------
+ 4 files changed, 29 insertions(+), 78 deletions(-)
+
+diff --git a/src/header-port b/src/header-port
+index 2d8a820..d75fdd8 100644
+--- a/src/header-port
++++ b/src/header-port
+@@ -42,6 +42,32 @@ hook_hotplug_rename() {
+ exit ${EXIT_FALSE}
+ }
+
++hook_hotplug_rename_by_address() {
++ local port="${1}"
++ assert isset port
++
++ local device="${2}"
++ assert isset device
++
++ # Read in the conifguration file.
++ if ! port_settings_read "${port}"; then
++ return ${EXIT_ERROR}
++ fi
++
++ # Get the current MAC address of the device.
++ local address="$(device_get_address "${device}")"
++ assert isset address
++
++ # Check if the address matches with the configuration.
++ if list_match "${address}" "${ADDRESS}" "${DEVICE}"; then
++ log DEBUG "Device '${device}' is port '${port}'"
++ return ${EXIT_OK}
++ fi
++
++ log DEBUG "Device '${device}' is not port '${port}'"
++ return ${EXIT_ERROR}
++}
++
+ hook_default_new() {
+ local ${HOOK_SETTINGS[*]}
+
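Review bot: `hook_hotplug_rename_by_address` compares against `${ADDRESS}` and `${DEVICE}` without declaring them local, so for a hook whose `HOOK_SETTINGS` has no `DEVICE` entry (the ip-tunnel port hook on this page) `DEVICE` is whatever the calling environment happens to contain. Judging by its name this runs on the hotplug path, where a stray `DEVICE` value could make an unrelated interface match the port. Adding `local ADDRESS DEVICE` before `port_settings_read` limits the comparison to what the settings file provides, assuming `port_settings_read` assigns into the caller's scope as the old `local ${HOOK_SETTINGS[*]}` callers suggest. The dummy and ethernet wrappers also change from `exit` to `return`, which is worth confirming against the caller.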
+diff --git a/src/hooks/ports/dummy b/src/hooks/ports/dummy
+index 387c88b..3688831 100644
+--- a/src/hooks/ports/dummy
++++ b/src/hooks/ports/dummy
+@@ -90,40 +90,6 @@ hook_remove() {
+ dummy_remove "${port}"
+ }
+
+-hook_up() {
+- local port="${1}"
+- assert isset port
+-
+- # Bring up the port.
+- device_set_up ${port}
+-
+- exit ${EXIT_OK}
+-}
+-
+-hook_down() {
+- local port="${1}"
+- assert isset port
+-
+- # Tear down the port.
+- device_set_down ${port}
+-
+- exit ${EXIT_OK}
+-}
+-
+ hook_hotplug_rename() {
+- local port=${1}
+- assert isset port
+-
+- local device=${2}
+- assert isset device
+-
+- port_settings_read "${port}"
+-
+- if [ "${ADDRESS}" = "$(device_get_address ${device})" ]; then
+- log DEBUG "Device '${device}' equals port '${port}'."
+- exit ${EXIT_OK}
+- fi
+-
+- log DEBUG "Device '${device}' does not equal port '${port}'."
+- exit ${EXIT_ERROR}
++ hook_hotplug_rename_by_address "$@"
+ }
+diff --git a/src/hooks/ports/ethernet b/src/hooks/ports/ethernet
+index 5f76e15..82664fa 100644
+--- a/src/hooks/ports/ethernet
++++ b/src/hooks/ports/ethernet
+@@ -173,25 +173,5 @@ hook_remove() {
+ }
+
+ hook_hotplug_rename() {
+- local port=${1}
+- assert isset port
+-
+- local device=${2}
+- assert isset device
+-
+- # Read in the conifguration file.
+- port_settings_read "${port}"
+-
+- # Get the current MAC address of the device.
+- local address=$(device_get_address ${device})
+- assert isset address
+-
+- # Check if the address matches with the configuration.
+- if list_match "${address}" ${DEVICE} ${ADDRESS}; then
+- log DEBUG "Device '${device}' equals port '${port}'."
+- exit ${EXIT_OK}
+- fi
+-
+- log DEBUG "Device '${device}' does not equal port '${port}'."
+- exit ${EXIT_ERROR}
++ hook_hotplug_rename_by_address "$@"
+ }
+diff --git a/src/hooks/ports/ip-tunnel b/src/hooks/ports/ip-tunnel
+index fa7193c..482511e 100644
+--- a/src/hooks/ports/ip-tunnel
++++ b/src/hooks/ports/ip-tunnel
+@@ -146,26 +146,5 @@ hook_remove() {
+ }
+
+ hook_hotplug_rename() {
+- local port="${1}"
+- assert isset port
+-
+- local device="${2}"
+- assert isset device
+-
+- local ${HOOK_SETTINGS[*]}
+- if ! port_settings_read "${port}"; then
+- log ERROR "Could not read settings for port ${port}"
+- return ${EXIT_ERROR}
+- fi
+-
+- # Get the current MAC address of the device.
+- local address="$(device_get_address ${device})"
+- assert isset address
+-
+- # Return OK on match
+- if [ "${ADDRESS}" = "${address}" ]; then
+- return ${EXIT_OK}
+- fi
+-
+- return ${EXIT_ERROR}
++ hook_hotplug_rename_by_address "$@"
+ }
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,58 @@
+From 66fdbcaf15d3fb7ce4a1e0f7e6299818f4638c84 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 15:02:34 +0100
+Subject: [PATCH 040/304] wireless-ap: Remove support for WPA
+
+This is a deprecated protocol and not secure.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 8 +-------
+ src/hooks/ports/wireless-ap | 2 +-
+ 2 files changed, 2 insertions(+), 8 deletions(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 79fb4db..d3eaa74 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -138,7 +138,7 @@ hostapd_config_write() {
+
+ # Check if key is set when encryption is used.
+ if isset encryption; then
+- assert isoneof encryption WPA WPA2 WPA/WPA2
++ assert isoneof encryption WPA2
+ assert isset key
+ fi
+
+@@ -398,15 +398,9 @@ hostapd_config_write() {
+ if isset encryption; then
+ local encryption_mode=0
+ case "${encryption}" in
+- WPA)
+- encryption_mode=1
+- ;;
+ WPA2)
+ encryption_mode=2
+ ;;
+- WPA/WPA2)
+- encryption_mode=3
+- ;;
+ esac
+
+ (
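Review bot: With only the `WPA2)` arm left, `encryption_mode=0` remains the fallback of this `case`, so any other non-empty `encryption` value would be written as `wpa=0` next to a passphrase, which leaves WPA disabled. The `assert isoneof encryption WPA2` in the earlier hunk covers this today, but the block would be safer if it failed closed on its own with a default arm such as `*) error "Unsupported encryption: ${encryption}"; return ${EXIT_ERROR} ;;`. Stored settings that still say `WPA` or `WPA/WPA2` will now hit that assertion, and the patch shows no migration for them. The block continues outside the hunk.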
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index e393f5f..a964fac 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -65,7 +65,7 @@ hook_check_settings() {
+ assert isset SSID
+
+ if isset ENCRYPTION; then
+- assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2
++ assert isoneof ENCRYPTION WPA2
+
+ assert isset KEY
+ assert [ ${#KEY} -ge 8 ]
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,280 @@
+From 0a4c5abab952ae0d864505f037f46cd0a27d6701 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:12:53 +0100
+Subject: [PATCH 041/304] wireless-ap: Add support for WPA3 and rewrite WPA2
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 90 +++++++++++++++++++++----------
+ src/helpers/hostapd-config-helper | 5 +-
+ src/hooks/ports/wireless-ap | 38 +++++++------
+ 3 files changed, 86 insertions(+), 47 deletions(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index d3eaa74..6c2fbd9 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -61,13 +61,14 @@ hostapd_config_write() {
+ local channel_bandwidth
+ local country_code="$(wireless_get_reg_domain)"
+ local dfs="on"
+- local encryption
+ local environment="${WIRELESS_DEFAULT_ENVIRONMENT}"
+- local key
+ local mfp="off"
+ local mode
++ local secret
+ local ssid
+ local wmm="1"
++ local wpa2_personal="off"
++ local wpa3_personal="off"
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+@@ -89,9 +90,6 @@ hostapd_config_write() {
+ --environment=*)
+ environment="$(cli_get_val "${1}")"
+ ;;
+- --key=*)
+- key=$(cli_get_val "${1}")
+- ;;
+ --mfp=*)
+ mfp="$(cli_get_val "${1}")"
+ ;;
+@@ -103,6 +101,9 @@ hostapd_config_write() {
+ return ${EXIT_ERROR}
+ fi
+ ;;
++ --secret=*)
++ secret="$(cli_get_val "${1}")"
++ ;;
+ --ssid=*)
+ ssid=$(cli_get_val "${1}")
+ ;;
+@@ -114,6 +115,12 @@ hostapd_config_write() {
+ wmm="0"
+ fi
+ ;;
++ --wpa2-personal=*)
++ wpa2_personal="$(cli_get_bool "${1}")"
++ ;;
++ --wpa3-personal=*)
++ wpa3_personal="$(cli_get_bool "${1}")"
++ ;;
+ *)
+ warning_log "Ignoring unknown argument '${1}'."
+ ;;
+@@ -136,12 +143,6 @@ hostapd_config_write() {
+ assert isset mode
+ assert isset ssid
+
+- # Check if key is set when encryption is used.
+- if isset encryption; then
+- assert isoneof encryption WPA2
+- assert isset key
+- fi
+-
+ # Check wireless environment
+ if ! wireless_environment_is_valid "${environment}"; then
+ error "Invalid wireless environment: ${environment}"
+@@ -166,6 +167,12 @@ hostapd_config_write() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Check if secret is set for personal authentication
++ if ! isset secret && (enabled WPA3_PERSONAL ||Â enabled WPA2_PERSONAL); then
++ error "Secret not set but personal authentication enabled"
++ return ${EXIT_ERROR}
++ fi
++
+ # 802.11ac/n flags
+ local ieee80211ac
+ local ieee80211n
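Review bot: The new check tests `enabled WPA3_PERSONAL` and `enabled WPA2_PERSONAL`, but the values parsed from `--wpa3-personal=` and `--wpa2-personal=` are stored in the locals `wpa3_personal` and `wpa2_personal`, which are never read; the authentication block in the next hunk uses the same upper-case names. If `enabled` takes a variable name, as its other uses on this page suggest, the function only works when the caller happens to have the upper-case variables set, and otherwise writes a configuration with no authentication and reports no error. The tests should read `enabled wpa3_personal` and `enabled wpa2_personal`. The character after `||` on this line also appears to be a non-breaking space (shown here as `Â`); if that is in the patch itself rather than a display artefact, bash will take it as part of the command name and the check will not behave as written.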
+@@ -394,27 +401,52 @@ hostapd_config_write() {
+ print
+ ) >> ${file}
+
+- # Encryption settings
+- if isset encryption; then
+- local encryption_mode=0
+- case "${encryption}" in
+- WPA2)
+- encryption_mode=2
+- ;;
+- esac
++ # Authentication Settings
++ local wpa
++ local wpa_key_mgmt
++ local wpa_passphrase
++ local sae_password
++ local wpa_strict_rekey
++
++ # WPA3 Personal
++ if enabled WPA3_PERSONAL; then
++ # Enable RSN
++ wpa="2"
++
++ # Add WPA key management
++ list_append wpa_key_mgmt "SAE"
++ sae_password="${secret}"
++ fi
++
++ # WPA2 Personal
++ if enabled WPA2_PERSONAL; then
++ # Enable RSN
++ wpa="2"
++
++ # Add WPA key management
++ list_append wpa_key_mgmt "WPA-PSK-SHA256" "WPA-PSK"
++ wpa_passphrase="${secret}"
+
+- (
+- print "# Encryption settings"
+- print "wpa=${encryption_mode}"
+- print "wpa_passphrase=${key}"
+- print "wpa_key_mgmt=WPA-PSK-SHA256 WPA-PSK"
+- print "wpa_pairwise=${pairwise_ciphers[*]}"
+- print "rsn_pairwise=${pairwise_ciphers[*]}"
+- print "group_cipher=${group_ciphers[*]}"
+- print
+- ) >> ${file}
++ # Enable WPA strict rekey
++ wpa_strict_rekey="1"
+ fi
+
++ # Enable RSN ciphers when RSN is enabled
++ local rsn_pairwise
++ local group_cipher
++ if [ "${wpa}" = "2" ]; then
++ rsn_pairwise="${pairwise_ciphers[*]}"
++ group_cipher="${group_ciphers[*]}"
++ fi
++
++ local var
++ for var in wpa wpa_key_mgmt wpa_passphrase sae_password \
++ rsn_pairwise group_cipher wpa_strict_rekey; do
++ if [ -n "${!var}" ]; then
++ print "${var}=${!var}"
++ fi
++ done >> "${file}"
++
+ # Log configuration file
+ file_to_log DEBUG "${file}"
+
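Review bot: The loop writes `wpa_passphrase` and `sae_password` in clear text into `${file}`, and the unchanged `file_to_log DEBUG "${file}"` right after it then appears to copy the whole file, secret included, into the debug log. The log call should be dropped or should skip lines beginning with `wpa_passphrase=` and `sae_password=`. The permissions of `${file}` are set outside this hunk and are worth checking for the same reason. `hostapd_config_write` continues outside the hunk.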
+diff --git a/src/helpers/hostapd-config-helper b/src/helpers/hostapd-config-helper
+index 7af723d..6d9f685 100644
+--- a/src/helpers/hostapd-config-helper
++++ b/src/helpers/hostapd-config-helper
+@@ -42,12 +42,13 @@ case "${action}" in
+ --channel="${CHANNEL}" \
+ --channel-bandwidth="${CHANNEL_BANDWIDTH}" \
+ --dfs="${DFS}" \
+- --encryption="${ENCRYPTION}" \
+ --environment="${ENVIRONMENT}" \
+- --key="${KEY}" \
++ --secret="${SECRET}" \
+ --mfp="${MFP}" \
+ --mode="${MODE}" \
+ --ssid="${SSID}" \
++ --wpa3-personal="${WPA3_PERSONAL}" \
++ --wpa2-personal="${WPA2_PERSONAL}" \
+ || exit $?
+ ;;
+
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index a964fac..7176ee5 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -29,15 +29,20 @@ HOOK_SETTINGS=(
+ "CHANNEL"
+ "CHANNEL_BANDWIDTH"
+ "DFS"
+- "ENCRYPTION"
+ "ENVIRONMENT"
+- "KEY"
+ "MFP"
+ "MODE"
+ "PHY"
++ "SECRET"
+ "SSID"
++ "WPA3_PERSONAL"
++ "WPA2_PERSONAL"
+ )
+
++# Disable WPA3+2 by default
++DEFAULT_WPA3_PERSONAL="off"
++DEFAULT_WPA2_PERSONAL="off"
++
+ # Broadcast SSID by default
+ DEFAULT_BROADCAST_SSID="on"
+
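Review bot: Replacing `ENCRYPTION`/`KEY` with `WPA2_PERSONAL`/`WPA3_PERSONAL`/`SECRET` and defaulting both modes to `off` means a settings file written before this patch, which only carries `ENCRYPTION` and `KEY`, would be read as "no authentication", so the access point could come up open after an upgrade. Nothing in this patch migrates the old keys or refuses to start when they are present. A compatibility step that maps a legacy `ENCRYPTION="WPA2"` to `WPA2_PERSONAL="on"` and `KEY` to `SECRET`, or an explicit error for legacy files, would keep existing installations protected.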
+@@ -64,14 +69,6 @@ hook_check_settings() {
+ assert ismac PHY
+ assert isset SSID
+
+- if isset ENCRYPTION; then
+- assert isoneof ENCRYPTION WPA2
+-
+- assert isset KEY
+- assert [ ${#KEY} -ge 8 ]
+- assert [ ${#KEY} -le 63 ]
+- fi
+-
+ assert wireless_environment_is_valid "${ENVIRONMENT}"
+ }
+
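Review bot: The removed block was the only place that enforced the 8–63 character passphrase length, and no equivalent is added for `SECRET`, so a too-short secret is accepted here and most likely only fails later when hostapd parses the file. For WPA2-Personal the check should come back, e.g. `if enabled WPA2_PERSONAL; then assert [ ${#SECRET} -ge 8 ]; assert [ ${#SECRET} -le 63 ]; fi`. A minimum length for WPA3-only setups is also worth asserting in `hook_check_settings`, since nothing else on this page validates the secret.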
+@@ -99,9 +96,6 @@ hook_parse_cmdline() {
+ return ${EXIT_ERROR}
+ fi
+ ;;
+- --encryption=*)
+- ENCRYPTION=$(cli_get_val "${1}")
+- ;;
+ --environment=*)
+ ENVIRONMENT="$(cli_get_val "${1}")"
+
+@@ -110,9 +104,6 @@ hook_parse_cmdline() {
+ return ${EXIT_ERROR}
+ fi
+ ;;
+- --key=*)
+- KEY=$(cli_get_val "${1}")
+- ;;
+ --mac=*)
+ ADDRESS=$(cli_get_val "${1}")
+ ;;
+@@ -140,9 +131,18 @@ hook_parse_cmdline() {
+ --phy=*)
+ PHY=$(cli_get_val "${1}")
+ ;;
++ --secret=*)
++ SECRET="$(cli_get_val "${1}")"
++ ;;
+ --ssid=*)
+ SSID=$(cli_get_val "${1}")
+ ;;
++ --wpa2-personal=*)
++ WPA2_PERSONAL="$(cli_get_bool "${1}")"
++ ;;
++ --wpa3-personal=*)
++ WPA3_PERSONAL="$(cli_get_bool "${1}")"
++ ;;
+ *)
+ warning "Ignoring unknown argument '${1}'"
+ ;;
+@@ -174,6 +174,12 @@ hook_parse_cmdline() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Check if SECRET is set when WPA* is enabled
++ if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
++ error "Secret is not set when PSK authentication is enabled"
++ return ${EXIT_ERROR}
++ fi
++
+ # Save address of phy do identify it again
+ PHY=$(phy_get ${PHY})
+ PHY=$(phy_get_address ${PHY})
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,27 @@
+From 729cc3a2518ac4db00dd2ab390f7d253154f3333 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:19:24 +0100
+Subject: [PATCH 042/304] hotplug-rename: Drop unused variable
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/udev/network-hotplug-rename | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/udev/network-hotplug-rename b/src/udev/network-hotplug-rename
+index 903a07c..5f82f7c 100644
+--- a/src/udev/network-hotplug-rename
++++ b/src/udev/network-hotplug-rename
+@@ -28,9 +28,6 @@ LOG_DISABLE_STDOUT="true"
+ # Read network settings
+ network_settings_read
+
+-# Setup the locking
+-LOCKFILE="${LOCK_DIR}/.network-rename-lock"
+-
+ # Check if the INTERFACE variable is properly set.
+ assert isset INTERFACE
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,29 @@
+From 21ef3b742e6031cb40d0da94015aced31fc18be2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:22:45 +0100
+Subject: [PATCH 043/304] hostapd: Allow WPA2 authentication only with SHA256
+
+This experimental change disables support for the legacy WPA2
+authentication that does not support SHA256.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 6c2fbd9..095beb8 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -424,7 +424,7 @@ hostapd_config_write() {
+ wpa="2"
+
+ # Add WPA key management
+- list_append wpa_key_mgmt "WPA-PSK-SHA256" "WPA-PSK"
++ list_append wpa_key_mgmt "WPA-PSK-SHA256"
+ wpa_passphrase="${secret}"
+
+ # Enable WPA strict rekey
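Review bot: The WPA2 branch now offers only `WPA-PSK-SHA256`, and that choice does not take the MFP setting into account. The SHA256 AKMs are normally paired with 802.11w, and `--mfp=off` is still accepted by the wireless-ap hook, so an AP configured that way may advertise a key management suite that few or no clients will negotiate; this should be tested before the change leaves experimental status. At a minimum I would record the constraint next to the line, for example `# SHA256-only AKM: clients without 802.11w/SHA256 support cannot associate`. hostapd_config_write starts and ends outside this hunk, so the surrounding MFP handling is not visible here.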
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,31 @@
+From 298a1ffe3f10ec14416c3aed19bb541553de160a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:23:55 +0100
+Subject: [PATCH 044/304] wireless-ap: Enable 802.11w by default
+
+This causes some problems on broken Intel systems, but I
+guess it is better to prefer security than compatibility in the
+default settings.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/wireless-ap | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 7176ee5..9676369 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -50,8 +50,7 @@ DEFAULT_BROADCAST_SSID="on"
+ DEFAULT_DFS="on"
+
+ # 802.11w - Management Frame Protection
+-# Disable by default because many clients cannot connect when enabled
+-DEFAULT_MFP="off"
++DEFAULT_MFP="on"
+
+ DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,100 @@
+From f6659cc56ecdef375fb868a3a44ada37b4cbfc3c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:30:05 +0100
+Subject: [PATCH 045/304] hooks: Use cli_get_bool convenience function where
+ ever possible
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/bonding | 11 +----------
+ src/hooks/ports/ethernet | 11 +----------
+ src/hooks/ports/wireless-ap | 22 ++--------------------
+ 3 files changed, 4 insertions(+), 40 deletions(-)
+
+diff --git a/src/hooks/ports/bonding b/src/hooks/ports/bonding
+index a0cf5c0..96cb854 100644
+--- a/src/hooks/ports/bonding
++++ b/src/hooks/ports/bonding
+@@ -59,16 +59,7 @@ hook_parse_cmdline() {
+ MODE=$(cli_get_val "${1}")
+ ;;
+ --offloading=*)
+- OFFLOADING="$(cli_get_val "${1}")"
+-
+- if enabled OFFLOADING; then
+- OFFLOADING="on"
+- elif disabled OFFLOADING; then
+- OFFLOADING="off"
+- else
+- error "Invalid value for offloading: ${OFFLOADING}"
+- return ${EXIT_ERROR}
+- fi
++ OFFLOADING="$(cli_get_bool "${1}")"
+ ;;
+ +*)
+ local slave=$(cli_get_val "${1:1}")
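Review bot: Replacing the explicit branch with `OFFLOADING="$(cli_get_bool "${1}")"` drops the "Invalid value" error and the `return ${EXIT_ERROR}`, and nothing checks the result of the substitution. The same applies to the `--offloading` case in the ethernet hook and to `--dfs` and `--mfp` in wireless-ap. cli_get_bool is not shown here; if it maps every unrecognised string to the false value, a typo such as `--mfp=onn` would silently turn management frame protection off instead of being rejected. I would keep the rejection, either inside cli_get_bool or at the call site, for example `local value="$(cli_get_val "${1}")"` followed by `isbool value || { error "Invalid value for ${1%%=*}: ${value}"; return ${EXIT_ERROR}; }` (assuming `isbool` takes a variable name, as it does elsewhere in this series).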
+diff --git a/src/hooks/ports/ethernet b/src/hooks/ports/ethernet
+index 82664fa..80b5503 100644
+--- a/src/hooks/ports/ethernet
++++ b/src/hooks/ports/ethernet
+@@ -85,16 +85,7 @@ hook_parse_cmdline() {
+ ;;
+
+ --offloading=*)
+- OFFLOADING="$(cli_get_val "${1}")"
+-
+- if enabled OFFLOADING; then
+- OFFLOADING="on"
+- elif disabled OFFLOADING; then
+- OFFLOADING="off"
+- else
+- error "Invalid value for offloading: ${OFFLOADING}"
+- return ${EXIT_ERROR}
+- fi
++ OFFLOADING="$(cli_get_bool "${1}")"
+ ;;
+
+ *)
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 9676369..2528585 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -84,16 +84,7 @@ hook_parse_cmdline() {
+ CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
+ ;;
+ --dfs=*)
+- DFS="$(cli_get_val "${1}")"
+-
+- if enabled DFS; then
+- DFS="on"
+- elif disabled DFS; then
+- DFS="off"
+- else
+- error "Invalid value for DFS: ${DFS}"
+- return ${EXIT_ERROR}
+- fi
++ DFS="$(cli_get_bool "${1}")"
+ ;;
+ --environment=*)
+ ENVIRONMENT="$(cli_get_val "${1}")"
+@@ -107,16 +98,7 @@ hook_parse_cmdline() {
+ ADDRESS=$(cli_get_val "${1}")
+ ;;
+ --mfp=*)
+- MFP="$(cli_get_val "${1}")"
+-
+- if enabled MFP; then
+- MFP="on"
+- elif disabled MFP; then
+- MFP="off"
+- else
+- error "Invalid value for --mfp: ${MFP}"
+- return ${EXIT_ERROR}
+- fi
++ MFP="$(cli_get_bool "${1}")"
+ ;;
+ --mode=*)
+ MODE=$(cli_get_val "${1}")
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,196 @@
+From 636f1b96fc0b60c47cf5636f95b1ee6c856a701c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:54:04 +0100
+Subject: [PATCH 046/304] hook: Rename HOOK_CONFIG_SETTINGS to HOOK_SETTINGS
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.zone | 8 ++++----
+ src/header-config | 5 ++++-
+ src/hooks/configs/dhcp | 13 +++++++++----
+ src/hooks/configs/ipv6-auto | 15 +++++----------
+ src/hooks/configs/pppoe-server | 24 +++++++++---------------
+ src/hooks/configs/static | 6 +++++-
+ 6 files changed, 36 insertions(+), 35 deletions(-)
+
+diff --git a/src/functions/functions.zone b/src/functions/functions.zone
+index e81371b..28fbecd 100644
+--- a/src/functions/functions.zone
++++ b/src/functions/functions.zone
+@@ -1312,8 +1312,8 @@ zone_config_settings_read() {
+ shift 2
+
+ local args
+- if [ $# -eq 0 ] && [ -n "${HOOK_CONFIG_SETTINGS}" ]; then
+- list_append args ${HOOK_CONFIG_SETTINGS}
++ if [ $# -eq 0 ] && [ -n "${HOOK_SETTINGS[*]}" ]; then
++ list_append args ${HOOK_SETTINGS[*]}
+ else
+ list_append args "$@"
+ fi
+@@ -1323,7 +1323,7 @@ zone_config_settings_read() {
+ }
+
+ zone_config_settings_write() {
+- assert [ $# -eq 2 ]
++ assert [ $# -eq 3 ]
+
+ local zone="${1}"
+ local hook="${2}"
+@@ -1333,7 +1333,7 @@ zone_config_settings_write() {
+
+ local path="${NETWORK_ZONES_DIR}/${zone}/configs/${hook}.${id}"
+ settings_write "${path}" \
+- --check="hook_check_config_settings" ${HOOK_CONFIG_SETTINGS[*]}
++ --check="hook_check_config_settings" HOOK ${HOOK_SETTINGS[*]}
+ }
+
+ zone_config_settings_destroy() {
+diff --git a/src/header-config b/src/header-config
+index 4458eaa..baeca5e 100644
+--- a/src/header-config
++++ b/src/header-config
+@@ -26,6 +26,9 @@ hook_new() {
+ local id=$(zone_config_get_new_id ${zone})
+ log DEBUG "ID for the config is: ${id}"
+
++ # Import all default variables
++ hook_set_defaults
++
+ # Parse command line arguments
+ if ! hook_parse_cmdline "${id}" "$@"; then
+ # Return an error if the parsing of the cmd line fails
+@@ -64,7 +67,7 @@ hook_edit() {
+ fi
+ fi
+
+- local ${HOOK_CONFIG_SETTINGS}
++ local ${HOOK_SETTINGS}
+
+ # If reading the config fails we cannot go on
+ if ! zone_config_settings_read "${zone}" "${config}"; then
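Review bot: `local ${HOOK_SETTINGS}` declares only the first setting, because the same commit turns HOOK_SETTINGS into an array in the dhcp, ipv6-auto, pppoe-server and static hooks, and an unsubscripted array expands to element 0. The remaining settings read by zone_config_settings_read would then presumably land in the caller's scope rather than in hook_edit. The other call sites in this commit already use the subscripted form, so this line should read `local ${HOOK_SETTINGS[*]}`. hook_edit begins and ends outside this hunk.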
+diff --git a/src/hooks/configs/dhcp b/src/hooks/configs/dhcp
+index b643022..1ad0694 100644
+--- a/src/hooks/configs/dhcp
++++ b/src/hooks/configs/dhcp
+@@ -21,11 +21,13 @@
+
+ . /usr/lib/network/header-config
+
+-HOOK_CONFIG_SETTINGS="HOOK ENABLE_IPV6 ENABLE_IPV4"
++HOOK_SETTINGS=(
++ "ENABLE_IPV6"
++ "ENABLE_IPV4"
++)
+
+-# Default settings.
+-ENABLE_IPV6="on"
+-ENABLE_IPV4="on"
++DEFAULT_ENABLE_IPV6="on"
++DEFAULT_ENABLE_IPV4="on"
+
+ hook_check_config_settings() {
+ assert isset ENABLE_IPV6
+@@ -78,6 +80,9 @@ hook_new() {
+ local id=$(zone_config_get_new_id ${zone})
+ log DEBUG "ID for the config is: ${id}"
+
++ # Import defaults
++ hook_set_defaults
++
+ if ! hook_parse_cmdline "${id}" "$@"; then
+ # Return an error if the parsing of the cmd line fails
+ return ${EXIT_ERROR}
+diff --git a/src/hooks/configs/ipv6-auto b/src/hooks/configs/ipv6-auto
+index 8796723..6fd90a5 100644
+--- a/src/hooks/configs/ipv6-auto
++++ b/src/hooks/configs/ipv6-auto
+@@ -21,10 +21,12 @@
+
+ . /usr/lib/network/header-config
+
+-HOOK_CONFIG_SETTINGS="HOOK PRIVACY_EXTENSIONS"
++HOOK_SETTINGS=(
++ "PRIVACY_EXTENSIONS"
++)
+
+ # Privacy Extensions are disabled by default
+-PRIVACY_EXTENSIONS="off"
++DEFAULT_PRIVACY_EXTENSIONS="off"
+
+ hook_check_config_settings() {
+ assert isbool PRIVACY_EXTENSIONS
+@@ -35,17 +37,10 @@ hook_parse_cmdline() {
+ shift
+
+ local arg
+-
+ while read arg; do
+ case "${arg}" in
+ --privacy-extensions=*)
+- local val="$(cli_get_val "${arg}")"
+-
+- if enabled val; then
+- PRIVACY_EXTENSIONS="on"
+- else
+- PRIVACY_EXTENSIONS="off"
+- fi
++ PRIVACY_EXTENSIONS="$(cli_get_bool "${arg}")"
+ ;;
+ esac
+ done <<< "$(args "$@")"
+diff --git a/src/hooks/configs/pppoe-server b/src/hooks/configs/pppoe-server
+index 6a2c014..4d79549 100644
+--- a/src/hooks/configs/pppoe-server
++++ b/src/hooks/configs/pppoe-server
+@@ -21,21 +21,15 @@
+
+ . /usr/lib/network/header-config
+
+-HOOK_CONFIG_SETTINGS="HOOK DNS_SERVERS MTU SERVICE_NAME SUBNET MAX_SESSIONS"
+-
+-# Maximum Transmission Unit.
+-MTU=1492
+-
+-# Service Name.
+-SERVICE_NAME=
+-
+-# A subnet. Addresses from this subnet will be given to the remote hosts.
+-# The net address will be the gateway address for the PPPoE server.
+-SUBNET=
+-
+-# Defines the max. number of sessions per MAC address.
+-# 0 = unlimited.
+-MAX_SESSIONS=0
++HOOK_SETTINGS=(
++ "DNS_SERVERS"
++ "MTU"
++ "SERVICE_NAME"
++ "SUBNET MAX_SESSIONS"
++)
++
++DEFAULT_MTU=1492
++DEFAULT_MAX_SESSIONS=0
+
+ hook_check_config_settings() {
+ assert isset MTU
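Review bot: The array element `"SUBNET MAX_SESSIONS"` holds two setting names in one string, which only works as long as every consumer expands `${HOOK_SETTINGS[*]}` unquoted and relies on word splitting. It should be two elements, `"SUBNET"` and `"MAX_SESSIONS"`, to match the other hooks converted in this commit. The rewrite also drops the comments that explained the values; I would keep at least `# 0 = unlimited sessions per MAC address` above `DEFAULT_MAX_SESSIONS=0` and a short note on what SUBNET is used for.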
+diff --git a/src/hooks/configs/static b/src/hooks/configs/static
+index 23ae2d8..6fddc32 100644
+--- a/src/hooks/configs/static
++++ b/src/hooks/configs/static
+@@ -21,7 +21,11 @@
+
+ . /usr/lib/network/header-config
+
+-HOOK_CONFIG_SETTINGS="HOOK ADDRESS PREFIX GATEWAY"
++HOOK_SETTINGS=(
++ "ADDRESS"
++ "PREFIX"
++ "GATEWAY"
++)
+
+ hook_check_config_settings() {
+ local protocol="$(ip_detect_protocol "${ADDRESS}")"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,99 @@
+From 8ece5c30bf5917d4cd6dfb460207d1e85eb5df73 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 16:57:31 +0100
+Subject: [PATCH 047/304] dhcp: Rename "enabled" from configuration parameters
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/configs/dhcp | 38 +++++++++++++++-----------------------
+ 1 file changed, 15 insertions(+), 23 deletions(-)
+
+diff --git a/src/hooks/configs/dhcp b/src/hooks/configs/dhcp
+index 1ad0694..1c75193 100644
+--- a/src/hooks/configs/dhcp
++++ b/src/hooks/configs/dhcp
+@@ -22,18 +22,16 @@
+ . /usr/lib/network/header-config
+
+ HOOK_SETTINGS=(
+- "ENABLE_IPV6"
+- "ENABLE_IPV4"
++ "IPV6"
++ "IPV4"
+ )
+
+-DEFAULT_ENABLE_IPV6="on"
+-DEFAULT_ENABLE_IPV4="on"
++DEFAULT_IPV6="on"
++DEFAULT_IPV4="on"
+
+ hook_check_config_settings() {
+- assert isset ENABLE_IPV6
+- assert isbool ENABLE_IPV6
+- assert isset ENABLE_IPV4
+- assert isbool ENABLE_IPV4
++ assert isbool IPV6
++ assert isbool IPV4
+ }
+
+ hook_parse_cmdline() {
+@@ -42,17 +40,11 @@ hook_parse_cmdline() {
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+- --enable-ipv6)
+- ENABLE_IPV6="on"
++ --ipv6)
++ IPV6="$(cli_get_bool "${1}")"
+ ;;
+- --disable-ipv6)
+- ENABLE_IPV6="off"
+- ;;
+- --enable-ipv4)
+- ENABLE_IPV4="on"
+- ;;
+- --disable-ipv4)
+- ENABLE_IPV4="off"
++ --ipv4)
++ IPV4="$(cli_get_bool "${1}")"
+ ;;
+ *)
+ warning "Ignoring unknown option '${1}'"
+@@ -62,8 +54,8 @@ hook_parse_cmdline() {
+ done
+
+ # Check if the user disabled ipv6 and ipv4
+- if ! enabled ENABLE_IPV6 && ! enabled ENABLE_IPV4; then
+- log ERROR "You disabled IPv6 and IPv4. At least one must be enabled"
++ if ! enabled IPV6 && ! enabled IPV4; then
++ error "You disabled IPv6 and IPv4. At least one must be enabled"
+ return ${EXIT_ERROR}
+ fi
+ }
+@@ -106,12 +98,12 @@ hook_up() {
+ zone_config_settings_read "${zone}" "${config}"
+
+ # Start dhclient for IPv6 on this zone if enabled.
+- if enabled ENABLE_IPV6; then
++ if enabled IPV6; then
+ dhclient_start ${zone} ipv6
+ fi
+
+ # Start dhclient for IPv4 on this zone if enabled.
+- if enabled ENABLE_IPV4; then
++ if enabled IPV4; then
+ dhclient_start ${zone} ipv4
+ fi
+
+@@ -165,7 +157,7 @@ hook_status() {
+
+ cli_print_fmt1 3 "${proto}"
+
+- if enabled ENABLE_${proto^^}; then
++ if enabled "${proto^^}"; then
+ cli_print_fmt1 4 "Status" "enabled"
+
+ local address="$(db_get "${zone}/${_proto}/local-ip-address")"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,30 @@
+From e80eb68607dbdad381e3bb113521609c44fa8cd6 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 17:05:44 +0100
+Subject: [PATCH 048/304] dhcp: Fix syntax error in last commit
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/configs/dhcp | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/hooks/configs/dhcp b/src/hooks/configs/dhcp
+index 1c75193..ba5608a 100644
+--- a/src/hooks/configs/dhcp
++++ b/src/hooks/configs/dhcp
+@@ -40,10 +40,10 @@ hook_parse_cmdline() {
+
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+- --ipv6)
++ --ipv6=*)
+ IPV6="$(cli_get_bool "${1}")"
+ ;;
+- --ipv4)
++ --ipv4=*)
+ IPV4="$(cli_get_bool "${1}")"
+ ;;
+ *)
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,158 @@
+From fdd9ac5fdd66b6cbdf014554281a9bb11ed0379d Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 17:05:58 +0100
+Subject: [PATCH 049/304] hooks: Add HOOK_UNIQUE which stops us from creating
+ multiple instances
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/header-config | 9 +++++++++
+ src/hooks/configs/dhcp | 25 -------------------------
+ src/hooks/configs/ipv6-auto | 22 ----------------------
+ src/hooks/configs/pppoe-server | 22 ----------------------
+ src/hooks/configs/static | 3 +++
+ 5 files changed, 12 insertions(+), 69 deletions(-)
+
+diff --git a/src/header-config b/src/header-config
+index baeca5e..c6a775c 100644
+--- a/src/header-config
++++ b/src/header-config
+@@ -19,10 +19,19 @@
+ # #
+ ###############################################################################
+
++# Allow only one instance of this hook
++HOOK_UNIQUE="true"
++
+ hook_new() {
+ local zone="${1}"
+ shift
+
++ # Check if we are allowed to have multiple configurations of $HOOK
++ if enabled HOOK_UNIQUE && zone_config_hook_is_configured "${zone}" "${HOOK}"; then
++ error "You can only have one configuration of type ${HOOK}"
++ return ${EXIT_CONF_ERROR}
++ fi
++
+ local id=$(zone_config_get_new_id ${zone})
+ log DEBUG "ID for the config is: ${id}"
+
+diff --git a/src/hooks/configs/dhcp b/src/hooks/configs/dhcp
+index ba5608a..127ce59 100644
+--- a/src/hooks/configs/dhcp
++++ b/src/hooks/configs/dhcp
+@@ -60,31 +60,6 @@ hook_parse_cmdline() {
+ fi
+ }
+
+-hook_new() {
+- local zone="${1}"
+- shift
+-
+- if zone_config_hook_is_configured ${zone} "dhcp"; then
+- log ERROR "You can configure the dhcp hook only once for a zone"
+- return ${EXIT_ERROR}
+- fi
+-
+- local id=$(zone_config_get_new_id ${zone})
+- log DEBUG "ID for the config is: ${id}"
+-
+- # Import defaults
+- hook_set_defaults
+-
+- if ! hook_parse_cmdline "${id}" "$@"; then
+- # Return an error if the parsing of the cmd line fails
+- return ${EXIT_ERROR}
+- fi
+-
+- zone_config_settings_write "${zone}" "${HOOK}" "${id}"
+-
+- exit ${EXIT_OK}
+-}
+-
+ hook_up() {
+ local zone=${1}
+ local config=${2}
+diff --git a/src/hooks/configs/ipv6-auto b/src/hooks/configs/ipv6-auto
+index 6fd90a5..ecfafcd 100644
+--- a/src/hooks/configs/ipv6-auto
++++ b/src/hooks/configs/ipv6-auto
+@@ -46,28 +46,6 @@ hook_parse_cmdline() {
+ done <<< "$(args "$@")"
+ }
+
+-hook_new() {
+- local zone="${1}"
+- shift
+-
+- if zone_config_hook_is_configured ${zone} "ipv6-auto"; then
+- log ERROR "You can configure the ipv6-auto hook only once for a zone"
+- return ${EXIT_ERROR}
+- fi
+-
+- local id=$(zone_config_get_new_id ${zone})
+- log DEBUG "ID for the config is: ${id}"
+-
+- if ! hook_parse_cmdline "${id}" "$@"; then
+- # Return an error if the parsing of the cmd line fails
+- return ${EXIT_ERROR}
+- fi
+-
+- zone_config_settings_write "${zone}" "${HOOK}" "${id}"
+-
+- exit ${EXIT_OK}
+-}
+-
+ hook_up() {
+ local zone=${1}
+ shift
+diff --git a/src/hooks/configs/pppoe-server b/src/hooks/configs/pppoe-server
+index 4d79549..e800bf4 100644
+--- a/src/hooks/configs/pppoe-server
++++ b/src/hooks/configs/pppoe-server
+@@ -93,28 +93,6 @@ hook_parse_cmdline() {
+ done
+ }
+
+-hook_new() {
+- local zone=${1}
+- shift
+-
+- if zone_config_hook_is_configured ${zone} "pppoe-server"; then
+- log ERROR "You can configure the pppoe-server hook only once for a zone"
+- return ${EXIT_ERROR}
+- fi
+-
+- local id=$(zone_config_get_new_id ${zone})
+- log DEBUG "ID for the config is: ${id}"
+-
+- if ! hook_parse_cmdline "${id}" "$@"; then
+- # Return an error if the parsing of the cmd line fails
+- return ${EXIT_ERROR}
+- fi
+-
+- zone_config_settings_write "${zone}" "${HOOK}" "${id}"
+-
+- exit ${EXIT_OK}
+-}
+-
+ hook_up() {
+ local zone=${1}
+ local config=${2}
+diff --git a/src/hooks/configs/static b/src/hooks/configs/static
+index 6fddc32..046183a 100644
+--- a/src/hooks/configs/static
++++ b/src/hooks/configs/static
+@@ -21,6 +21,9 @@
+
+ . /usr/lib/network/header-config
+
++# Allow multiple instances of this hook
++HOOK_UNIQUE="false"
++
+ HOOK_SETTINGS=(
+ "ADDRESS"
+ "PREFIX"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,105 @@
+From d695b280e9972311ae8c4bc688c0898ade1281e6 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 18:14:07 +0100
+Subject: [PATCH 050/304] wireless-ap: Check that secret has the correct length
+ and no invalid characters
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.util | 13 +++++++++++++
+ src/functions/functions.wireless | 23 +++++++++++------------
+ src/hooks/ports/wireless-ap | 14 +++++++++++---
+ 3 files changed, 35 insertions(+), 15 deletions(-)
+
+diff --git a/src/functions/functions.util b/src/functions/functions.util
+index 4c1dbb4..7379a98 100644
+--- a/src/functions/functions.util
++++ b/src/functions/functions.util
+@@ -745,6 +745,19 @@ contains_spaces() {
+ return ${EXIT_FALSE}
+ }
+
++contains_non_ascii_characters() {
++ local value="$@"
++
++ # Strip away all ASCII characters
++ local non_ascii="${value//[[:ascii:]]/}"
++
++ if isset non_ascii; then
++ return ${EXIT_TRUE}
++ fi
++
++ return ${EXIT_FALSE}
++}
++
+ string_match() {
+ local match=${1}
+ local string=${2}
+diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
+index 12204c0..733a356 100644
+--- a/src/functions/functions.wireless
++++ b/src/functions/functions.wireless
+@@ -397,24 +397,23 @@ wireless_set_channel() {
+ }
+
+ wireless_pre_shared_key_is_valid() {
+- local encryption_mode="${1}"
+- local psk="${2}"
++ local psk="${1}"
+
+ # Length of the PSK
+ local l="${#psk}"
+
+- case "${encryption_mode}" in
+- # For WPA*, the key must be between 8 and 63 chars
+- WPA2-PSK|WPA2-PSK-SHA256|WPA-PSK|WPA-PSK-SHA256)
+- if [ ${l} -ge 8 ] && [ ${l} -le 63 ]; then
+- return ${EXIT_TRUE}
+- fi
++ # For WPA*, the key must be between 8 and 63 chars
++ if [ ${l} -lt 8 ] || [ ${l} -gt 63 ]; then
++ return ${EXIT_FALSE}
++ fi
+
+- return ${EXIT_FALSE}
+- ;;
+- esac
++ # Can only contain ASCII chararcters
++ if contains_non_ascii_characters "${psk}"; then
++ return ${EXIT_FALSE}
++ fi
+
+- return ${EXIT_ERROR}
++ # Seems OK
++ return ${EXIT_TRUE}
+ }
+
+ wireless_client_is_connected() {
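Review bot: The new character check in wireless_pre_shared_key_is_valid accepts control characters, since `[[:ascii:]]` in contains_non_ascii_characters (functions.util hunk above) covers the whole 7-bit range including tab, carriage return and newline. The secret is later emitted as a `wpa_passphrase=` / `sae_password=` line by hostapd_config_write, so an embedded newline could add unintended lines to the generated configuration, and WPA passphrases are defined over printable ASCII only. I would add a second rejection after the ASCII test: `if [[ "${psk}" == *[[:cntrl:]]* ]]; then return ${EXIT_FALSE}; fi`. Callers that still pass the encryption mode as the first argument would now validate the wrong string; none are visible in this hunk, so that is worth a grep.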
+diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
+index 2528585..26e14d6 100644
+--- a/src/hooks/ports/wireless-ap
++++ b/src/hooks/ports/wireless-ap
+@@ -156,9 +156,17 @@ hook_parse_cmdline() {
+ fi
+
+ # Check if SECRET is set when WPA* is enabled
+- if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
+- error "Secret is not set when PSK authentication is enabled"
+- return ${EXIT_ERROR}
++ if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
++ if ! isset SECRET; then
++ error "Secret is not set when PSK authentication is enabled"
++ return ${EXIT_ERROR}
++ fi
++
++ # Check if SECRET is valid
++ if ! wireless_pre_shared_key_is_valid "${SECRET}"; then
++ error "The secret is in an invalid format"
++ return ${EXIT_ERROR}
++ fi
+ fi
+
+ # Save address of phy do identify it again
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,235 @@
+From d4564f2b7efa20ea025b6918b012656927fd342a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 18:51:13 +0100
+Subject: [PATCH 051/304] Drop old locking functions
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.device | 12 ++----
+ src/functions/functions.editor | 51 +++++++++--------------
+ src/functions/functions.firewall | 3 +-
+ src/functions/functions.lock | 70 --------------------------------
+ 4 files changed, 26 insertions(+), 110 deletions(-)
+
+diff --git a/src/functions/functions.device b/src/functions/functions.device
+index 48f2440..f52eee5 100644
+--- a/src/functions/functions.device
++++ b/src/functions/functions.device
+@@ -997,15 +997,11 @@ device_get_link_string() {
+ }
+
+ device_auto_configure_smp_affinity() {
+- assert [ $# -eq 1 ]
+-
+- local device=${1}
+-
+- if lock_acquire "smp-affinity" 60; then
+- device_set_smp_affinity ${device} auto
++ local device="${1}"
++ assert isset device
+
+- lock_release "smp-affinity"
+- fi
++ lock "smp-affinity" \
++ device_set_smp_affinity "${device}" "auto"
+ }
+
+ device_set_smp_affinity() {
+diff --git a/src/functions/functions.editor b/src/functions/functions.editor
+index 6edac62..8f0cc0b 100644
+--- a/src/functions/functions.editor
++++ b/src/functions/functions.editor
+@@ -19,17 +19,6 @@
+ # #
+ ###############################################################################
+
+-editor_cleanup() {
+- # Cleanup after a file was edited
+- assert [ $# -eq 2 ]
+-
+- local file=${1}
+- local temp_file=${2}
+-
+- lock_release "${file}.lock"
+- rm -f ${temp_file}
+-}
+-
+ editor_find_best() {
+ # Open a file with the best available editor
+ assert [ $# -eq 1 ]
+@@ -62,31 +51,26 @@ editor_find_best() {
+ }
+
+ editor() {
+- # This function open a file for editing and take care of all preperation and postprocessing
+- assert [ $# -ge 1 ]
++ local file="${1}"
++ assert isset file
+
+- local file=${1}
+ if [ ! -f ${file} ] || [ ! -w ${file} ]; then
+ error "${file} is not valid file or is not writeable"
+ return ${EXIT_ERROR}
+ fi
+
+- local check_func=${2}
++ lock "${file}.lock" __editor "$@"
++}
+
+- # check if the file is locked
+- if lock_exists "${file}.lock"; then
+- error "Cannot edit ${file} because it is locked"
+- return ${EXIT_ERROR}
+- fi
++__editor() {
++ # This function open a file for editing and take care of all preperation and postprocessing
++ assert [ $# -ge 1 ]
+
+- # lock the file
+- if ! lock_acquire "${file}.lock"; then
+- error "Cannot lock file ${file}"
+- return ${EXIT_ERROR}
+- fi
++ local file="${1}"
++ local check_func="${2}"
+
+ # create a temporary file
+- local temp_file=$(mktemp)
++ local temp_file="$(mktemp)"
+
+ if ! [ -f "${temp_file}" ]; then
+ error "Cannot create temporary file"
+@@ -98,21 +82,26 @@ editor() {
+ # edit the file
+ if ! editor_find_best "${temp_file}"; then
+ error "Could not edit ${file}"
+- # cleanup
+- editor_cleanup "${file}" "${temp_file}"
++
++ # Delete temporary file
++ file_delete "${temp_file}"
++
++ return ${EXIT_ERROR}
+ fi
+
+ # run the check if we have one
+ if isset check_func && ! editor_check "${check_func}" "${temp_file}"; then
++ # Delete temporary file
++ file_delete "${temp_file}"
++
+ return ${EXIT_ERROR}
+ fi
+
+ # copy the changes back
+ cp -f "${temp_file}" "${file}"
+
+- # cleanup
+- editor_cleanup "${file}" "${temp_file}"
+-
++ # Delete temporary file
++ file_delete "${temp_file}"
+ }
+
+ editor_check() {
+diff --git a/src/functions/functions.firewall b/src/functions/functions.firewall
+index 347916e..e22576b 100644
+--- a/src/functions/functions.firewall
++++ b/src/functions/functions.firewall
+@@ -269,7 +269,8 @@ firewall_panic() {
+ }
+
+ firewall_lock_acquire() {
+- lock_acquire ${RUN_DIR}/.firewall_lock
++ # XXX DEPRECATED
++ #lock_acquire ${RUN_DIR}/.firewall_lock
+
+ # Make sure the lock is released after the firewall
+ # script has crashed or exited early.
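Review bot: After this change firewall_lock_acquire no longer acquires anything: the only locking call is commented out, while the comment below it still talks about releasing the lock on exit. Callers that rely on this function to serialise firewall runs now execute concurrently without any indication. Rather than leaving a commented-out line, I would either convert the callers to `lock` in this commit or state the new behaviour explicitly, for example `# NOTE: no lock is taken here any more; firewall runs are not serialised`. The rest of the function is outside the hunk.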
+diff --git a/src/functions/functions.lock b/src/functions/functions.lock
+index 6295a22..fd15e5e 100644
+--- a/src/functions/functions.lock
++++ b/src/functions/functions.lock
+@@ -19,16 +19,6 @@
+ # #
+ ###############################################################################
+
+-__lock_path() {
+- local name=${1}
+-
+- if [ "${name:0:1}" = "/" ]; then
+- echo "${name}"
+- else
+- echo "${LOCK_DIR}/network-${name}"
+- fi
+-}
+-
+ lock() {
+ local lock="${1}"
+ shift
+@@ -65,63 +55,3 @@ lock() {
+ exit ${ret}
+ ) 9>${lock} || exit $?
+ }
+-
+-lock_exists() {
+- local name=${1}
+- assert isset name
+-
+- local lockfile=$(__lock_path ${name})
+-
+- if [ -e "${lockfile}" ]; then
+- return ${EXIT_TRUE}
+- else
+- return ${EXIT_FALSE}
+- fi
+-}
+-
+-lock_acquire() {
+- local name=${1}
+- assert isset name
+-
+- # timeout value in seconds
+- local timeout=${2}
+-
+- if ! isset timeout; then
+- timeout=0
+- fi
+-
+- local lockfile=$(__lock_path ${name})
+-
+- timeout=$(( ${timeout} * 4 ))
+-
+- log DEBUG "Acquiring lock '${name}'"
+-
+- # Wait until lock is available
+- while [ ${timeout} -gt 0 ] && [ -e "${lockfile}" ]; do
+- timeout=$(( ${timeout} - 1 ))
+- sleep 0.25
+- done
+-
+- # If another lock still exists, we return an error
+- if [ -e "${lockfile}" ]; then
+- error "Could not acquire lock '${name}'"
+- return ${EXIT_ERROR}
+- fi
+-
+- # Write out pid to the lockfile and make sure that
+- # nobody else can access it.
+- echo "$$" > ${lockfile}
+- chmod 600 ${lockfile}
+-}
+-
+-lock_release() {
+- local name=${1}
+- assert isset name
+-
+- local lockfile=$(__lock_path ${name})
+-
+- log DEBUG "Releasing lock '${name}'"
+-
+- # Remove the lockfile (okay if it does not exist).
+- rm -f ${lockfile}
+-}
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,26 @@
+From 55dcff454fa68dc2ff82f3dfbbafd75d3799b0ae Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 18:56:04 +0100
+Subject: [PATCH 052/304] ip-tunnel: Enable support for 6in4 tunnels
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/ip-tunnel | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/hooks/zones/ip-tunnel b/src/hooks/zones/ip-tunnel
+index 634154e..c4a4fb4 100644
+--- a/src/hooks/zones/ip-tunnel
++++ b/src/hooks/zones/ip-tunnel
+@@ -21,7 +21,7 @@
+
+ . /usr/lib/network/header-zone
+
+-SUPPORTED_IP_TUNNEL_MODES="gre vti"
++SUPPORTED_IP_TUNNEL_MODES="gre sit vti"
+
+ HOOK_SETTINGS=(
+ "MARK"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,37 @@
+From 1ed79f5432d0bd4c4f0c8f8692b488c268e379a4 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 30 Mar 2019 19:03:24 +0100
+Subject: [PATCH 053/304] lock: Cleanup lock files
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.lock | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.lock b/src/functions/functions.lock
+index fd15e5e..c01fcf3 100644
+--- a/src/functions/functions.lock
++++ b/src/functions/functions.lock
+@@ -29,6 +29,7 @@ lock() {
+ fi
+
+ local timeout="60"
++ local ret=0
+
+ # Make partent directory
+ make_parent_directory "${lock}"
+@@ -53,5 +54,10 @@ lock() {
+ log DEBUG "Released lock ${lock}"
+
+ exit ${ret}
+- ) 9>${lock} || exit $?
++ ) 9>${lock} || ret=$?
++
++ # Cleanup log file
++ file_delete "${lock}"
++
++ return ${ret}
+ }
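Review bot: Deleting the lock file after the subshell exits reintroduces a race between waiters. Assuming the lock is taken on fd 9 (the locking call itself is outside the hunk), a process that has already opened the old file can obtain the lock on the now unlinked inode, while a later process creates a fresh file at the same path and locks that one, so both run the protected command at once. Leaving the file in place is the usual approach for this kind of lock; I would drop `file_delete "${lock}"`. If the cleanup stays, the comment should read `# Cleanup lock file` rather than "log file", and `${lock}` in the redirection should be quoted.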
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,45 @@
+From 1ef692c599a77fcb0683e3196b8f4b56f52644da Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 13:10:30 +0200
+Subject: [PATCH 054/304] hostapd: Require MFP for SAE when it is enabled
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.hostapd | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
+index 095beb8..410e6e5 100644
+--- a/src/functions/functions.hostapd
++++ b/src/functions/functions.hostapd
+@@ -407,6 +407,7 @@ hostapd_config_write() {
+ local wpa_passphrase
+ local sae_password
+ local wpa_strict_rekey
++ local sae_require_mfp
+
+ # WPA3 Personal
+ if enabled WPA3_PERSONAL; then
+@@ -416,6 +417,10 @@ hostapd_config_write() {
+ # Add WPA key management
+ list_append wpa_key_mgmt "SAE"
+ sae_password="${secret}"
++
++ if enabled MFP; then
++ sae_require_mfp="1"
++ fi
+ fi
+
+ # WPA2 Personal
+@@ -441,7 +446,7 @@ hostapd_config_write() {
+
+ local var
+ for var in wpa wpa_key_mgmt wpa_passphrase sae_password \
+- rsn_pairwise group_cipher wpa_strict_rekey; do
++ rsn_pairwise group_cipher wpa_strict_rekeyi sae_require_mfp; do
+ if [ -n "${!var}" ]; then
+ print "${var}=${!var}"
+ fi
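Review bot: The loop list now contains `wpa_strict_rekeyi`, which looks like a stray editor keystroke appended to `wpa_strict_rekey`. Because the loop prints a variable only when `${!var}` is non-empty, the misspelt name expands to nothing and the strict rekey setting is silently dropped from the generated hostapd configuration. The line should read `rsn_pairwise group_cipher wpa_strict_rekey sae_require_mfp; do`. The loop body continues outside the hunk.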
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,117 @@
+From 7a3747a1b0d2e219600979aa4286e8ffd96d5b59 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 14:14:55 +0200
+Subject: [PATCH 055/304] bird: Write IPv6 router advertisement configuration
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.bird | 89 ++++++++++++++++++++++++++++++++++++
+ 1 file changed, 89 insertions(+)
+
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+index c6fea32..950bb78 100644
+--- a/src/functions/functions.bird
++++ b/src/functions/functions.bird
+@@ -84,6 +84,9 @@ bird_generate_config() {
+ print "}"
+ print
+ done >> ${BIRD_CONF}
++
++ # Write IPv6 Router Advertisement configuration
++ __bird_ipv6_radv >> ${BIRD_CONF}
+ }
+
+ __bird_static_routes() {
+@@ -122,3 +125,89 @@ __bird_static_routes() {
+ esac
+ done < ${NETWORK_CONFIG_ROUTES}
+ }
++
++__bird_ipv6_radv() {
++ print "protocol radv {"
++
++ local zone
++ for zone in $(zones_get_local); do
++ log DEBUG "Writing bird radv configuration for ${zone}"
++
++ # Skip if there is no prefix or prefix is link-local.
++ local addr="$(db_get "${zone}/ipv6/local-ip-address")"
++ if [ -z "${addr}" ] || [ "${addr:0:5}" = "fe80:" ]; then
++ continue
++ fi
++
++ # Check if the subnet is configured by the DHCP server.
++ local dhcp="false"
++ local prefix="$(ipv6_get_network "${addr}")"
++ if isset prefix && dhcpd_subnet_match ipv6 "${prefix}"; then
++ dhcp="true"
++ fi
++
++ print " interface \"${zone}\" {"
++ # Failover to other routers within 10s
++ print " max ra interval 10;"
++
++ # Tell clients we are running DHCP
++ if enabled dhcp; then
++ print " managed yes;"
++ print " other config yes;"
++ fi
++
++ if device_exists "${zone}"; then
++ # Announce link MTU
++ local mtu="$(device_get_mtu "${zone}")"
++ print " link mtu ${mtu};"
++ fi
++
++ print # empty line
++
++ # Announce all prefixes
++ print " prefix ::/0 {"
++
++ if enabled dhcp; then
++ print " autonomous off;"
++ fi
++
++ print " };"
++ print " };\n"
++ done
++
++ # Advertise any DNS servers
++ if enabled DNS_ADVERTISE_SERVERS; then
++ # Get a list of all IPv6 name servers
++ local servers=()
++ local server
++ for server in $(dns_server_list_sorted); do
++ # Skip any non-IPv6 servers
++ ipv6_is_valid "${server}" || continue
++
++ servers+=( "${server}" )
++ done
++
++ if isset servers; then
++ print " rdnss {"
++
++ local server
++ for server in ${servers}; do
++ print " ns ${server};"
++ done
++
++ print " };"
++ fi
++ fi
++
++ # DNS Search Domain
++ print " dnssl {"
++
++ local domain
++ for domain in $(dns_get_search_domains); do
++ print " domain \"${domain}\";"
++ done
++
++ print " };"
++
++ print "}\n"
++}
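Review bot: In the rdnss block, `for server in ${servers}` iterates over the first array element only, because `servers` is built with `servers+=( ... )` and an unsubscripted array expands to element 0. Any further IPv6 name servers are never advertised; the loop should be `for server in "${servers[@]}"; do`. Separately, the `dnssl` block is printed even when dns_get_search_domains returns nothing, and each domain is placed between double quotes without validation. I would skip the block when the list is empty and reject domains containing quotes or whitespace before writing them into the bird configuration.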
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,314 @@
+From 1cb20d39b29a1bd73cef2926cc4aae651f653ca7 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 14:20:40 +0200
+Subject: [PATCH 056/304] Drop code for radvd
+
+This is now being replaced by bird.
+
+Bird is running anyways and can do this job just as well.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 2 -
+ src/functions/functions.bird | 11 +++
+ src/functions/functions.dns | 8 +-
+ src/functions/functions.radvd | 160 --------------------------------
+ src/functions/functions.routing | 4 +-
+ src/network-radvd-config | 35 -------
+ 6 files changed, 17 insertions(+), 203 deletions(-)
+ delete mode 100644 src/functions/functions.radvd
+ delete mode 100644 src/network-radvd-config
+
+diff --git a/Makefile.am b/Makefile.am
+index 1b5e7e9..ce587b7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -173,7 +173,6 @@ dist_network_DATA = \
+ src/functions/functions.ports \
+ src/functions/functions.ppp \
+ src/functions/functions.pppoe-server \
+- src/functions/functions.radvd \
+ src/functions/functions.route \
+ src/functions/functions.routing \
+ src/functions/functions.serial \
+@@ -193,7 +192,6 @@ dist_network_DATA = \
+ src/functions/functions.wireless-networks \
+ src/functions/functions.wpa_supplicant \
+ src/functions/functions.zone \
+- src/network-radvd-config \
+ src/header-config \
+ src/header-port \
+ src/header-zone
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+index 950bb78..55d43b5 100644
+--- a/src/functions/functions.bird
++++ b/src/functions/functions.bird
+@@ -33,6 +33,17 @@ bird_reload() {
+ service_reload "bird.service"
+ }
+
++# Update configuration any apply it in one go
++bird_update() {
++ if ! bird_generate_config; then
++ log ERROR "Could not write Bird configuration"
++ return ${EXIT_ERROR}
++ fi
++
++ # Reload bird
++ bird_reload
++}
++
+ bird_generate_config() {
+ log DEBUG "Write BIRD configuration file"
+
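Review bot: `bird_update` only regenerates the configuration and calls `bird_reload`, whereas the `radvd_update` it replaces (in the functions.dns and functions.routing hunks of this commit) started the service when it was not active. If `service_reload` does nothing for a stopped unit, which is not visible here, router advertisements and RDNSS would silently stop until something else starts bird. State the precondition on the function, e.g. `# Requires bird.service to be running; unlike radvd_update this does not start it`. The existing comment also has a typo and should read `# Update configuration and apply it in one go`. The caller `[[ "${proto}" = "ipv6" ]] && bird_update` in routing_default_update discards the result, so a failed config write is only visible in the log.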
+diff --git a/src/functions/functions.dns b/src/functions/functions.dns
+index 890f1ac..0e058be 100644
+--- a/src/functions/functions.dns
++++ b/src/functions/functions.dns
+@@ -31,8 +31,8 @@ NETWORK_SETTINGS_FILE_PARAMS="${NETWORK_SETTINGS_FILE_PARAMS} DNS_RANDOMIZE"
+ DNS_SEARCH_DOMAINS=""
+ NETWORK_SETTINGS_FILE_PARAMS="${NETWORK_SETTINGS_FILE_PARAMS} DNS_SEARCH_DOMAINS"
+
+-# Set this option to true if the DNS servers should be advertised by
+-# radvd.
++# Set this option to true if the DNS servers should be advertised in
++# IPv6 router advertisements
+ DNS_ADVERTISE_SERVERS="true"
+
+ DNS_SERVER_CONFIG_FILE="${NETWORK_CONFIG_DIR}/dns-servers"
+@@ -234,8 +234,8 @@ dns_server_update() {
+ # Regenerate /etc/resolv.conf
+ dns_generate_resolvconf
+
+- # Restart radvd which propagates IPv6 DNS servers
+- radvd_update
++ # Update bird about IPv6 DNS server changes
++ bird_update
+ }
+
+ dns_generate_resolvconf() {
+diff --git a/src/functions/functions.radvd b/src/functions/functions.radvd
+deleted file mode 100644
+index 1c8b8d0..0000000
+--- a/src/functions/functions.radvd
++++ /dev/null
+@@ -1,160 +0,0 @@
+-#!/bin/bash
+-###############################################################################
+-# #
+-# IPFire.org - A linux based firewall #
+-# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
+-# #
+-# This program is free software: you can redistribute it and/or modify #
+-# it under the terms of the GNU General Public License as published by #
+-# the Free Software Foundation, either version 3 of the License, or #
+-# (at your option) any later version. #
+-# #
+-# This program is distributed in the hope that it will be useful, #
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+-# GNU General Public License for more details. #
+-# #
+-# You should have received a copy of the GNU General Public License #
+-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+-# #
+-###############################################################################
+-
+-RADVD_CONFIGFILE="/etc/radvd.conf"
+-
+-radvd_update() {
+- # (Re-)write the configuration file
+- if radvd_write_config; then
+- # Reload the radvd service if it is already running
+- if service_is_active radvd; then
+- service_reload radvd
+- return ${EXIT_OK}
+- fi
+-
+- # Start the radvd service
+- service_start radvd
+- fi
+-}
+-
+-radvd_clear_config() {
+- log DEBUG "Clearing radv daemon configuration file"
+-
+- config_header "radv daemon configuration file" > ${RADVD_CONFIGFILE}
+-
+- return ${EXIT_OK}
+-}
+-
+-radvd_write_config() {
+- radvd_clear_config
+-
+- # Write the configuration for all zones.
+- local zone
+-
+- # The return value determine if radvd is started or not
+- local return_value=${EXIT_FALSE}
+-
+- for zone in $(zones_get_local); do
+- if __radvd_config_interface ${zone}; then
+- # We return TRUE when __radvd_config_interface returns True
+- return_value=${EXIT_TRUE}
+- fi
+- done >> ${RADVD_CONFIGFILE}
+-
+- return ${return_value}
+-}
+-
+-# This function return ${EXIT_FALSE} if no radvd config was written and ${EXIT_TRUE} in all other cases
+-__radvd_config_interface() {
+- local zone=${1}
+- assert isset zone
+-
+- log DEBUG "Writing radvd configuration for ${zone}."
+-
+- # If the interface does not provide any routing information,
+- # we can skip this whole stuff.
+- if ! db_exists "${zone}/ipv6"; then
+- return ${EXIT_FALSE}
+- fi
+-
+- # Skip if zone is not active.
+- local active="$(db_get "${zone}/ipv6/active")"
+- [ "${active}" = "0" ] && return ${EXIT_FALSE}
+-
+- # Skip if there is no prefix or prefix is link-local.
+- local addr="$(db_get "${zone}/ipv6/local-ip-address")"
+- if [ -z "${addr}" ] || [ "${addr:0:5}" = "fe80:" ]; then
+- return ${EXIT_FALSE}
+- fi
+-
+- # Check if the subnet is configured by the DHCP server.
+- local dhcpd="false"
+- local prefix="$(ipv6_get_network "${addr}")"
+- if isset prefix && dhcpd_subnet_match ipv6 "${prefix}"; then
+- dhcpd="true"
+- fi
+-
+- print "interface ${zone} {"
+- print " AdvSendAdvert on;"
+- print " MinRtrAdvInterval 3;"
+- print " MaxRtrAdvInterval 10;"
+- print " IgnoreIfMissing on;"
+-
+- if enabled dhcpd; then
+- print " AdvManagedFlag on;"
+- print " AdvOtherConfigFlag on;"
+- fi
+-
+- print
+- print " prefix ::/64 {"
+- print " AdvOnLink on;"
+-
+- if enabled dhcpd; then
+- print " AdvRouterAddr off;"
+- print " AdvAutonomous off;"
+- else
+- print " AdvRouterAddr on;"
+- print " AdvAutonomous on;"
+- fi
+-
+- print " };"
+- print
+-
+- # Add the DNS configuration.
+- __radvd_config_dns ${zone}
+-
+- print "};"
+- print
+-
+- return ${EXIT_TRUE}
+-}
+-
+-__radvd_config_dns() {
+- local zone=${1}
+-
+- # Do nothing, when this option is not enabled.
+- enabled DNS_ADVERTISE_SERVERS || return ${EXIT_OK}
+-
+- # XXX it is kind of difficult to announce our local
+- # resolver.
+-
+- local server servers
+- for server in $(dns_server_list_sorted); do
+- # Filter out non IPv6 addresses.
+- ipv6_is_valid ${server} || continue
+-
+- servers="${servers} ${server}"
+- done
+-
+- # Remove whitespaces.
+- servers=$(echo ${servers})
+-
+- # If there are no servers to announce, we stop right here.
+- if ! isset servers; then
+- log DEBUG "No servers to announce."
+- return ${EXIT_OK}
+- fi
+-
+- print " RDNSS ${servers} {"
+- print " # Use the defaults here."
+- print " };"
+- print
+-}
+diff --git a/src/functions/functions.routing b/src/functions/functions.routing
+index c7aac09..351cc53 100644
+--- a/src/functions/functions.routing
++++ b/src/functions/functions.routing
+@@ -80,8 +80,8 @@ routing_default_update() {
+ # Remove too much spaces.
+ routes=$(echo ${routes})
+
+- # Reload radvd configuration
+- [[ "${proto}" = "ipv6" ]] && radvd_update
++ # Reload bird configuration
++ [[ "${proto}" = "ipv6" ]] && bird_update
+
+ # Remove all default routes.
+ if [ -z "${routes}" ]; then
+diff --git a/src/network-radvd-config b/src/network-radvd-config
+deleted file mode 100644
+index e9809e1..0000000
+--- a/src/network-radvd-config
++++ /dev/null
+@@ -1,35 +0,0 @@
+-#!/bin/bash
+-###############################################################################
+-# #
+-# IPFire.org - A linux based firewall #
+-# Copyright (C) 2011 Michael Tremer & Christian Schmidt #
+-# #
+-# This program is free software: you can redistribute it and/or modify #
+-# it under the terms of the GNU General Public License as published by #
+-# the Free Software Foundation, either version 3 of the License, or #
+-# (at your option) any later version. #
+-# #
+-# This program is distributed in the hope that it will be useful, #
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+-# GNU General Public License for more details. #
+-# #
+-# You should have received a copy of the GNU General Public License #
+-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+-# #
+-###############################################################################
+-
+-. /lib/network/functions
+-
+-case "${1}" in
+- start)
+- # Write the radvd configuration file.
+- radvd_write_config
+- ;;
+- stop)
+- # Clear all contents in the configuration file.
+- radvd_clear_config
+- ;;
+-esac
+-
+-exit ${EXIT_OK}
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,25 @@
+From f116762cf279b39749bea053eca0e873c60e23f1 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 14:21:18 +0200
+Subject: [PATCH 057/304] .gitignore: Ignore vim's swp files
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ .gitignore | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/.gitignore b/.gitignore
+index a6df183..36c85a1 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -20,6 +20,7 @@
+ *.lo
+ *.o
+ *.stamp
++*.swp
+ *.trs
+ *~
+ .deps
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,73 @@
+From 39beacd0549be57fde9eb350c2c9292094537629 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 14:28:44 +0200
+Subject: [PATCH 058/304] bird: Make sure the daemon is always running
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.bird | 14 ++++++++++++++
+ src/functions/functions.route | 7 ++-----
+ src/network | 4 ++--
+ 3 files changed, 18 insertions(+), 7 deletions(-)
+
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+index 55d43b5..1bbac8c 100644
+--- a/src/functions/functions.bird
++++ b/src/functions/functions.bird
+@@ -33,6 +33,20 @@ bird_reload() {
+ service_reload "bird.service"
+ }
+
++bird_enable() {
++ # Generate configuration file
++ if ! bird_generate_config; then
++ log ERROR "Could not write Bird configuration"
++ return ${EXIT_ERROR}
++ fi
++
++ # Enable the service to be automatically started next time
++ service_enable "bird.service"
++
++ # Start it now
++ bird_start
++}
++
+ # Update configuration any apply it in one go
+ bird_update() {
+ if ! bird_generate_config; then
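Review bot: In `bird_enable` the result of `service_enable "bird.service"` is discarded, so a failed enable goes unnoticed and the function reports only what `bird_start` returns. Log the failure, e.g. `service_enable "bird.service" || log ERROR "Could not enable bird.service"`. The generate-or-fail guard is repeated verbatim in `bird_update` directly below (its body continues outside the hunk); a short comment on `bird_enable` saying it is the init-time entry point and `bird_update` the runtime one would make the split clear. The new call site in src/network also ignores the status of `bird_enable`.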
+diff --git a/src/functions/functions.route b/src/functions/functions.route
+index e6ea244..b833822 100644
+--- a/src/functions/functions.route
++++ b/src/functions/functions.route
+@@ -393,11 +393,8 @@ route_parse_line() {
+ }
+
+ route_apply() {
+- # Re-generate BIRD configuration
+- bird_generate_config
+-
+- # Reload the daemon
+- bird_reload
++ # Update bird
++ bird_update
+ }
+
+ route_entry_add() {
+diff --git a/src/network b/src/network
+index 300ba94..be06d8a 100644
+--- a/src/network
++++ b/src/network
+@@ -1381,8 +1381,8 @@ case "${action}" in
+ # Update resolv.conf(5) when initializing the network
+ dns_generate_resolvconf
+
+- # Update bird configuration
+- bird_generate_config
++ # Make sure bird is running
++ bird_enable
+
+ # Also execute all triggers
+ triggers_execute_all "init"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,28 @@
+From 57496df2abdaa620e8ce68abfa5ad65b211a3484 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 26 Sep 2018 22:14:27 +0200
+Subject: [PATCH 059/304] configure: Require asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ configure.ac | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 08e9089..117850f 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -143,6 +143,10 @@ PKG_CHECK_MODULES([LIBNL], [libnl-3.0 libnl-genl-3.0])
+
+ # ------------------------------------------------------------------------------
+
++AC_CHECK_PROGS(ASCIIDOC, [asciidoc])
++
++# ------------------------------------------------------------------------------
++
+ AC_CONFIG_HEADERS(config.h)
+ AC_CONFIG_FILES([
+ Makefile
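Review bot: `AC_CHECK_PROGS(ASCIIDOC, [asciidoc])` does not enforce the requirement named in the commit subject: when asciidoc is absent the macro leaves `ASCIIDOC` empty and configure still succeeds, so the failure only surfaces later as a confusing command error in any rule that invokes `$(ASCIIDOC)`. Add a check directly after it, e.g. `AS_IF([test -z "$ASCIIDOC"], [AC_MSG_ERROR([asciidoc is required to build the man pages])])`. Quoting the variable name as `[ASCIIDOC]` would also match the style of the `PKG_CHECK_MODULES([LIBNL], ...)` call shown in the hunk header.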
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,94 @@
+From 8f591cfc10d1876523d608d9643f0a82517c2add Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 26 Sep 2018 22:42:36 +0200
+Subject: [PATCH 060/304] man: Add test page for asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 14 +++++++++++---
+ man/.gitignore | 1 +
+ man/test.txt | 11 +++++++++++
+ 3 files changed, 23 insertions(+), 3 deletions(-)
+ create mode 100644 man/test.txt
+
+diff --git a/Makefile.am b/Makefile.am
+index ce587b7..d01e223 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -89,6 +89,10 @@ INSTALL_EXEC_HOOKS += \
+
+ # ------------------------------------------------------------------------------
+
++AM_V_ASCIIDOC = $(AM_V_ASCIIDOC_$(V))
++AM_V_ASCIIDOC_ = $(AM_V_ASCIIDOC_$(AM_DEFAULT_VERBOSITY))
++AM_V_ASCIIDOC_0 = @echo " ASCIIDOC" $@;
++
+ AM_V_DOWNLOAD = $(AM_V_DOWNLOAD_$(V))
+ AM_V_DOWNLOAD_ = $(AM_V_DOWNLOAD_$(AM_DEFAULT_VERBOSITY))
+ AM_V_DOWNLOAD_0 = @echo " LOAD " $@;
+@@ -449,6 +453,7 @@ INSTALL_DIRS += \
+ # ------------------------------------------------------------------------------
+
+ MANPAGES = \
++ man/test.8 \
+ man/firewall-settings.8 \
+ man/network.8 \
+ man/network-color.8 \
+@@ -472,8 +477,8 @@ MANPAGES = \
+ man/network-zone-pppoe.8 \
+ man/network-zone-wireless.8
+
+-MANPAGES_XML = $(patsubst %.8,%.xml,$(MANPAGES))
+-MANPAGES_HTML = $(patsubst %.xml,%.html,$(MANPAGES_XML))
++MANPAGES_TXT = $(patsubst %.8,%.txt,$(MANPAGES))
++MANPAGES_HTML = $(patsubst %.txt,%.html,$(MANPAGES))
+
+ .PHONY: man
+ man: $(MANPAGES) $(MANPAGES_HTML)
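Review bot: `MANPAGES_HTML = $(patsubst %.txt,%.html,$(MANPAGES))` matches nothing, because every entry in `MANPAGES` ends in `.8`; `patsubst` leaves non-matching words unchanged, so `MANPAGES_HTML` becomes a copy of the `.8` list. The `man` target on the last line of this hunk therefore no longer builds any HTML page, and the `CLEANFILES` entry shown as context in the next hunk no longer removes the generated `.html` files. Use `MANPAGES_HTML = $(patsubst %.8,%.html,$(MANPAGES))`. As far as this commit shows, `MANPAGES_TXT` also names a `.txt` source for every page while only `man/test.txt` is added, so `EXTRA_DIST` would refer to files that do not exist until the later conversion patches.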
+@@ -489,7 +494,7 @@ CLEANFILES += \
+ $(MANPAGES_HTML)
+
+ EXTRA_DIST += \
+- $(MANPAGES_XML) \
++ $(MANPAGES_TXT) \
+ man/custom-html.xsl
+
+ XSLTPROC_FLAGS = \
+@@ -507,6 +512,9 @@ XSLTPROC_COMMAND_MAN = \
+ XSLTPROC_COMMAND_HTML = \
+ $(AM_V_XSLT)$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(srcdir)/man/custom-html.xsl $<
+
++man/%.xml: man/%.txt
++ $(AM_V_ASCIIDOC)$(ASCIIDOC) -d manpage -b docbook -o $@ $<
++
+ man/%.8: man/%.xml
+ $(XSLTPROC_COMMAND_MAN)
+
+diff --git a/man/.gitignore b/man/.gitignore
+index 237049a..f891826 100644
+--- a/man/.gitignore
++++ b/man/.gitignore
+@@ -1,2 +1,3 @@
+ /*.[13578]
+ /*.html
++/*.xml
+diff --git a/man/test.txt b/man/test.txt
+new file mode 100644
+index 0000000..4c9d35d
+--- /dev/null
++++ b/man/test.txt
+@@ -0,0 +1,11 @@
++test(8)
++=======
++
++NAME
++----
++test - Hello World!
++
++SYNOPSIS
++--------
++[verse]
++'hello world' [<options>] <file>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,86 @@
+From a7d2fef75b529c8cc10c4d22fca3114e30542394 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 26 Sep 2018 23:04:35 +0200
+Subject: [PATCH 061/304] man: Use asciidoc to generate HTML pages directly
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 10 +++-------
+ man/custom-html.xsl | 31 -------------------------------
+ 2 files changed, 3 insertions(+), 38 deletions(-)
+ delete mode 100644 man/custom-html.xsl
+
+diff --git a/Makefile.am b/Makefile.am
+index d01e223..c4f8b45 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -494,8 +494,7 @@ CLEANFILES += \
+ $(MANPAGES_HTML)
+
+ EXTRA_DIST += \
+- $(MANPAGES_TXT) \
+- man/custom-html.xsl
++ $(MANPAGES_TXT)
+
+ XSLTPROC_FLAGS = \
+ --nonet \
+@@ -509,17 +508,14 @@ XSLTPROC_COMMAND_MAN = \
+ $(AM_V_XSLT)$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) \
+ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+-XSLTPROC_COMMAND_HTML = \
+- $(AM_V_XSLT)$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) $(srcdir)/man/custom-html.xsl $<
+-
+ man/%.xml: man/%.txt
+ $(AM_V_ASCIIDOC)$(ASCIIDOC) -d manpage -b docbook -o $@ $<
+
+ man/%.8: man/%.xml
+ $(XSLTPROC_COMMAND_MAN)
+
+-man/%.html: man/%.xml man/custom-html.xsl
+- $(XSLTPROC_COMMAND_HTML)
++man/%.html: man/%.txt
++ $(AM_V_ASCIIDOC)$(ASCIIDOC) -b html5 -a icons -a theme=flask -o $@ $<
+
+ # ------------------------------------------------------------------------------
+
+diff --git a/man/custom-html.xsl b/man/custom-html.xsl
+deleted file mode 100644
+index fe2b54e..0000000
+--- a/man/custom-html.xsl
++++ /dev/null
+@@ -1,31 +0,0 @@
+-<?xml version='1.0'?>
+-
+-<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
+-
+-<xsl:import href="http://docbook.sourceforge.net/release/xsl/current/html/docbook.xsl"/>
+-
+-<!-- translate man page references to links to html pages -->
+-<xsl:template match="citerefentry">
+- <a>
+- <xsl:attribute name="href">
+- <xsl:value-of select="refentrytitle"/><xsl:text>.html</xsl:text>
+- </xsl:attribute>
+- <xsl:call-template name="inline.charseq"/>
+- </a>
+-</xsl:template>
+-
+-<!-- add Index link at top of page -->
+-<xsl:template name="user.header.content">
+- <a>
+- <xsl:attribute name="href">
+- <xsl:text>index.html</xsl:text>
+- </xsl:attribute>
+- <xsl:text>Index</xsl:text>
+- </a>
+- <hr/>
+-</xsl:template>
+-
+-<!-- Switch things to UTF-8, ISO-8859-1 is soo yesteryear -->
+-<xsl:output method="html" encoding="UTF-8" indent="no"/>
+-
+-</xsl:stylesheet>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,62 @@
+From baf429f17d664bbc6d141c13ce6ed52091803c3b Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 27 Sep 2018 00:22:59 +0200
+Subject: [PATCH 062/304] man: Add asciidoc configuration file
+
+This adds a short command to link to other man pages
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 12 ++++++++----
+ man/asciidoc.conf | 12 ++++++++++++
+ 2 files changed, 20 insertions(+), 4 deletions(-)
+ create mode 100644 man/asciidoc.conf
+
+diff --git a/Makefile.am b/Makefile.am
+index c4f8b45..ebf3be7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -508,14 +508,18 @@ XSLTPROC_COMMAND_MAN = \
+ $(AM_V_XSLT)$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) \
+ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+-man/%.xml: man/%.txt
+- $(AM_V_ASCIIDOC)$(ASCIIDOC) -d manpage -b docbook -o $@ $<
++man/%.xml: man/%.txt man/asciidoc.conf
++ $(AM_V_ASCIIDOC)$(ASCIIDOC) \
++ -f man/asciidoc.conf \
++ -d manpage -b docbook -o $@ $<
+
+ man/%.8: man/%.xml
+ $(XSLTPROC_COMMAND_MAN)
+
+-man/%.html: man/%.txt
+- $(AM_V_ASCIIDOC)$(ASCIIDOC) -b html5 -a icons -a theme=flask -o $@ $<
++man/%.html: man/%.txt man/asciidoc.conf
++ $(AM_V_ASCIIDOC)$(ASCIIDOC) \
++ -f man/asciidoc.conf \
++ -b html5 -a icons -a theme=flask -o $@ $<
+
+ # ------------------------------------------------------------------------------
+
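Review bot: Both recipes pass `-f man/asciidoc.conf` as a path relative to the build directory, while the XSLT HTML command removed in patch 061 used `$(srcdir)/man/custom-html.xsl`; in an out-of-tree build the prerequisite is found through VPATH but the `-f` argument is not. Use `-f $(srcdir)/man/asciidoc.conf` in both rules. The Makefile.am diff of this commit has no other hunk, so `man/asciidoc.conf` is not added to `EXTRA_DIST` and would presumably be missing from a `make dist` tarball; list it next to `$(MANPAGES_TXT)`.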
+diff --git a/man/asciidoc.conf b/man/asciidoc.conf
+new file mode 100644
+index 0000000..243f81f
+--- /dev/null
++++ b/man/asciidoc.conf
+@@ -0,0 +1,12 @@
++ifdef::backend-docbook[]
++[link-inlinemacro]
++{0%{target}}
++{0#<citerefentry>}
++{0#<refentrytitle>{target}</refentrytitle><manvolnum>{0}</manvolnum>}
++{0#</citerefentry>}
++endif::backend-docbook[]
++
++ifdef::backend-html5[]
++[link-inlinemacro]
++<a href="{target}.html">{target}{0?({0})}</a>
++endif::backend-html5[]
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,503 @@
+From 44d5ffe94daa496c95bf91860a5211272d8f3ff1 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 27 Sep 2018 00:25:12 +0200
+Subject: [PATCH 063/304] man: Convert network(8) from docbook to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network.txt | 107 ++++++++++++++
+ man/network.xml | 368 ------------------------------------------------
+ 2 files changed, 107 insertions(+), 368 deletions(-)
+ create mode 100644 man/network.txt
+ delete mode 100644 man/network.xml
+
+diff --git a/man/network.txt b/man/network.txt
+new file mode 100644
+index 0000000..569449e
+--- /dev/null
++++ b/man/network.txt
+@@ -0,0 +1,107 @@
++network(8)
++==========
++
++NAME
++----
++network - IPFire Network Configuration Program
++
++SYNOPSIS
++--------
++[verse]
++'network' [<options>] <command> ...
++
++DESCRIPTION
++-----------
++The 'network' command is a tool which configures the network on every IPFire
++system. It is a fast and versatile way to create, edit and remove configurations,
++review the status of the network and it is working in the background of the
++system make sure that things are running smoothly.
++
++OPTIONS
++-------
++-d::
++--debug::
++ Enabled debugging mode.
++ In this mode, there wll be debug output on the console and written to
++ the log.
++ The debugging mode can be permanently enabled by setting 'DEBUG=1'.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'start' [ZONE]::
++ Starts a zone. That means the zone is being created and brought up.
++ If one or more zones are passed to the command, only these will be
++ started.
++
++'stop' [ZONE]::
++ Stops a zone. This is the inverse of the 'start' command.
++
++'restart' [ZONE]::
++ Restarts a zone.
++
++'status' [ZONE]::
++ Shows an overview of the status of the zone.
++
++'zone' ...::
++ Commands to configure zones. See link:network-zone[8] for details.
++
++'port' ...::
++ Commands to configure ports. See link:network-port[8] for details.
++
++'device' ...::
++ See the status or execute commands to network devices.
++ See link:network-device[8] for details.
++
++'hostname' [HOSTNAME]::
++ Without the optional 'HOSTNAME' argument, this command will print
++ the configured hostname.
++ Passing 'HOSTNAME' will set it as the new hostname.
++
++'settings' ...::
++ Shows and alters global configuration parameters.
++ See link:network-settings[8] for details.
++
++'dns-server' ...::
++ This command allows to configure DNS servers.
++ See link::network-dns-server[8] for details.
++
++'route' ...::
++ This command allows managing static routes.
++ See link:network-route[8] for details.
++
++'vpn' ...::
++ The command allows managing VPN connections.
++ See link:network-vpn[8] for details.
++
++'reset'::
++ This command will reset all network configuration.
++ All zones, ports and other settings will be removed.
++
++'help' ...::
++ Shows this man page.
++
++EXIT CODES
++----------
++The 'network' command will normally exit with code zero.
++If there has been aproblem and the requested action could not be performed,
++the exit code is unequal to zero.
++
++BUGS
++----
++Please report all bugs to the bugtracker at https://bugzilla.ipfire.org/.
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network-settings[8]
++link:network-device[8]
++link:network-dns-server[8]
++link:network-performance-tuning[8]
++link:network-port[8]
++link:network-quick-start[8]
++link:network-zone[8]
+diff --git a/man/network.xml b/man/network.xml
+deleted file mode 100644
+index 0a97453..0000000
+--- a/man/network.xml
++++ /dev/null
+@@ -1,368 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network">
+- <refentryinfo>
+- <title>network</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network</command>
+- <arg choice="opt" rep="repeat">OPTIONS</arg>
+- <arg choice="plain">COMMAND</arg>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>network</command> command is a tool which configures
+- the network on every IPFire system. It is a fast and versatile
+- way to create, edit and remove configurations, review the status
+- of the network and it is working in the background of the system
+- making sure that things are running smoothly.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>-d</option>
+- </term>
+- <term>
+- <option>--debug</option>
+- </term>
+-
+- <listitem>
+- <para>
+- Enables the debugging mode.
+- In this mode, there will be debug output on
+- the console and written to the log.
+- </para>
+- <para>
+- The debugging mode can be permanently enabled by setting
+- <varname>DEBUG=1</varname>
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>start <replaceable>ZONE-NAME</replaceable>...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Starts a zone. That means the network zone will be created
+- and brought up.
+- If one or more zone names are passed to the command, only
+- these will be started.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>stop <replaceable>ZONE-NAME</replaceable>...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Stops a zone. This is the inverse of the <command>start</command>
+- command.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>restart <replaceable>ZONE-NAME</replaceable>...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Restarts a zone.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>status <replaceable>ZONE-NAME</replaceable>...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Shows a human-readable overview of the status
+- of the network zone.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>zone ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Configure a zone or show status information.
+- See <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>port ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Configure a port or show status information.
+- See <citerefentry>
+- <refentrytitle>network-port</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>device ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Show status information about network devices.
+- See <citerefentry>
+- <refentrytitle>network-device</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>config <replaceable><varname>KEY=VALUE</varname></replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- Shows and alters global configuration parameters.
+- See <citerefentry>
+- <refentrytitle>network-settings</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>help [<replaceable>TYPE</replaceable>
+- <replaceable>HOOK</replaceable>|<replaceable>TYPE</replaceable> list-hooks]</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Calling <command>network help</command> without any
+- arguments will show you this man page.
+- </para>
+- <para>
+- <command>network help <replaceable>TYPE</replaceable> list-hooks</command>
+- will print a list of all hooks of <replaceable>TYPE</replaceable>.
+- </para>
+- <para>
+- You may optionally pass two arguments, to view the help
+- of a certain hook.
+- The type of the hook <replaceable>TYPE</replaceable>
+- needs to be passed as well as the name of the hook
+- <replaceable>HOOK</replaceable>.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>hostname <replaceable>HOSTNAME</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>hostname</command> command will return the
+- currently configured hostname of the system.
+- </para>
+- <para>
+- If a new hostname is added to the command line,
+- it will be configured, but will be set after the next
+- reboot.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>dns-server ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>dns-server</command> command will help you
+- configuring the local DNS servers.
+- See <citerefentry>
+- <refentrytitle>network-dns-server</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>route ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>route</command> command allows managing static routes.
+- See <citerefentry>
+- <refentrytitle>network-route</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>vpn ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>vpn</command> allows managing VPN connections.
+- See <citerefentry>
+- <refentrytitle>network-vpn</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>reset</command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>reset</command> command will reset all
+- network configuration. That means all zone configurations
+- will be removed and there will be no networking after the
+- next reboot.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>Exit Codes</title>
+-
+- <para>
+- The <command>network</command> command will normally exit with code 0.
+- If there has been a problem and the requested action could not be done,
+- the exit code is unequal to zero.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Bugs</title>
+-
+- <para>
+- Please report all bugs to the official bugtracker at
+- http://bugs.ipfire.org/.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network-settings</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-device</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-dns-server</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-performance-tuning</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-port</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-quick-start</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,152 @@
+From b2f5dc13f74d0b740885f99a7d1408480da582cf Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 27 Sep 2018 00:34:35 +0200
+Subject: [PATCH 064/304] man: Convert network-color(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-color.txt | 33 ++++++++++++++++
+ man/network-color.xml | 91 -------------------------------------------
+ 2 files changed, 33 insertions(+), 91 deletions(-)
+ create mode 100644 man/network-color.txt
+ delete mode 100644 man/network-color.xml
+
+diff --git a/man/network-color.txt b/man/network-color.txt
+new file mode 100644
+index 0000000..7c95e18
+--- /dev/null
++++ b/man/network-color.txt
+@@ -0,0 +1,33 @@
++network-color(8)
++================
++
++NAME
++----
++network-color - IPFire Network Configuration Control Program
++
++DESCRIPTION
++-----------
++The 'color' command helps to manage colors for zones and ports.
++The color is being used to make identification of a zone or port easier on the
++command line and web user interface.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'set' [AABBCC]::
++ The color of a zone or port is set with the 'set' command.
++ It is required to pass a color in hex formatting.
++
++'reset'::
++ Resets the color of a zone or port to blank.
++
++AUTHOR
++------
++Jonatan Schlag
++
++SEE ALSO
++--------
++link:network[8]
++link:network-zone[8]
++link:network-port[8]
+diff --git a/man/network-color.xml b/man/network-color.xml
+deleted file mode 100644
+index caf2349..0000000
+--- a/man/network-color.xml
++++ /dev/null
+@@ -1,91 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-color">
+- <refentryinfo>
+- <title>networ-color</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Jonatan</firstname>
+- <surname>Schlag</surname>
+- <email>jonatan.schlag@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-color</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-color</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>color</command> helps to manage colors for zone and ports.
+- The color is used to make identification of a zone or port easier on the
+- command line or web user interface.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>set <replaceable>00AABB</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- The color of a zone or port is set with the <command>set</command> command.
+- It is always required to pass a valid color hex value (e.g. 880400).
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command>reset</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command resets the color of a zone or port to blank.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-port</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,44 @@
+From 91305dee4f83ca35758e756903e3324117a26a7d Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 27 Sep 2018 00:36:02 +0200
+Subject: [PATCH 065/304] man: Drop test page
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 -
+ man/test.txt | 11 -----------
+ 2 files changed, 12 deletions(-)
+ delete mode 100644 man/test.txt
+
+diff --git a/Makefile.am b/Makefile.am
+index ebf3be7..55d5d18 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -453,7 +453,6 @@ INSTALL_DIRS += \
+ # ------------------------------------------------------------------------------
+
+ MANPAGES = \
+- man/test.8 \
+ man/firewall-settings.8 \
+ man/network.8 \
+ man/network-color.8 \
+diff --git a/man/test.txt b/man/test.txt
+deleted file mode 100644
+index 4c9d35d..0000000
+--- a/man/test.txt
++++ /dev/null
+@@ -1,11 +0,0 @@
+-test(8)
+-=======
+-
+-NAME
+-----
+-test - Hello World!
+-
+-SYNOPSIS
+---------
+-[verse]
+-'hello world' [<options>] <file>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,32 @@
+From 62191ec375cf7fc957690d88c663ae7ad479a1a4 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 27 Sep 2018 00:47:19 +0200
+Subject: [PATCH 066/304] man: network-color: Add synopsis
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-color.txt | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/man/network-color.txt b/man/network-color.txt
+index 7c95e18..f3be474 100644
+--- a/man/network-color.txt
++++ b/man/network-color.txt
+@@ -3,7 +3,13 @@ network-color(8)
+
+ NAME
+ ----
+-network-color - IPFire Network Configuration Control Program
++network-color - Allows assigning a color to a zone or port
++
++SYNOPSIS
++--------
++[verse]
++'network' [zone ZONE|port PORT] color set AABBCC
++'network' [zone ZONE|port PORT] reset
+
+ DESCRIPTION
+ -----------
+--
+2.39.2
+
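Review bot: The second SYNOPSIS line added to man/network-color.txt, `'network' [zone ZONE|port PORT] reset`, is missing the `color` keyword, so it does not match the 'reset' sub-command documented under COMMANDS. With the selector in square brackets it can even be read as plain `network reset`, which the network.xml text removed earlier in this series described as removing all zone configuration. I would write it as `'network' [zone ZONE|port PORT] color reset`. If a zone or port is always required, the selector should also be marked as mandatory on both lines.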
new file mode 100644
@@ -0,0 +1,409 @@
+From 66fe74f95f4da254fc1162c591a40012c17aab07 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 21:16:10 +0200
+Subject: [PATCH 067/304] man: Convert firewall-settings to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/firewall-settings.txt | 97 +++++++++++++
+ man/firewall-settings.xml | 284 --------------------------------------
+ 2 files changed, 97 insertions(+), 284 deletions(-)
+ create mode 100644 man/firewall-settings.txt
+ delete mode 100644 man/firewall-settings.xml
+
+diff --git a/man/firewall-settings.txt b/man/firewall-settings.txt
+new file mode 100644
+index 0000000..20038e3
+--- /dev/null
++++ b/man/firewall-settings.txt
+@@ -0,0 +1,97 @@
++firewall-settings(8)
++====================
++
++NAME
++----
++firewall-settings - Global firewall settings
++
++SYNOPSIS
++--------
++[verse]
++'firewall settings'
++'firewall settings' KEY=VALUE ...
++
++DESCRIPTION
++-----------
++This command is used to set global firewall settings.
++Please have a look at the individual man pages for more options.
++
++COMMANDS
++--------
++If no argument is given, the configuration will be dumped to the console.
++
++You may set a new value by adding the variable name and the new value to
++the command line.
++
++SETTINGS
++--------
++=== CONNTRACK_MAX_CONNECTIONS = 16384
++Limits the max. number of simultaneous connections.
++
++Modify this if you want to handle a larger number of concurrent
++connections. Every connection will use approx. 16 kBytes of memory.
++
++=== CONNTRACK_UDP_TIMEOUT = 60
++Defines the timeout (in seconds) the kernel will wait until
++a half-assured UDP connection is fully established.
++
++=== FIREWALL_ACCEPT_ICMP_REDIRECTS = [true|false]
++Enable if you want to accept ICMP redirect messages.
++
++=== FIREWALL_CLAMP_PATH_MTU = [true|false]
++If Path MTU Discovery does not work well, enable this option.
++
++It sets the MSS value of a packet so that the remote site would
++never send a packet bigger than the MSS value.
++
++No ICMP packets are needed to make this work, so use this on
++networks with broken ICMP filtering.
++
++=== FIREWALL_DEFAULT_TTL = 64
++Here you can change the default TTL used for sending packets.
++
++The given value must be between 10 and 255.
++Don't mess with this unless you know what you are doing.
++
++=== FIREWALL_LOG_BAD_TCP_FLAGS = [true|false]
++Enable this to log TCP packets with bad flags or options.
++
++=== FIREWALL_LOG_INVALID_ICMP = [true|false]
++Enable this to log INVALID ICMP packets.
++
++=== FIREWALL_LOG_INVALID_TCP = [true|false]
++Enable this to log INVALID TCP packets.
++
++=== FIREWALL_LOG_INVALID_UDP = [true|false]
++Enable this to log INVALID UDP packets.
++
++=== FIREWALL_LOG_MARTIANS = [true|false]
++Enable this to log packets with impossible addresses.
++
++=== FIREWALL_LOG_STEALTH_SCANS = [true|false]
++Enable this to log all stealth scans.
++
++=== FIREWALL_PMTU_DISCOVERY = [true|false]
++Enables Path MTU Discovery.
++
++=== FIREWALL_RP_FILTER = [true|false]
++Enable to drop connection from non-routable IPs,
++e.g. prevent source routing.
++
++=== FIREWALL_SYN_COOKIES = [true|false]
++Enable for SYN-flood protection.
++
++=== FIREWALL_USE_ECN = [true|false]
++Enables the ECN (Explicit Congestion Notification) TCP flag.
++
++Some routers on the Internet still do not support ECN properly.
++When this setting is disabled, ECN is only advertised
++when asked for.
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:firewall[8]
+diff --git a/man/firewall-settings.xml b/man/firewall-settings.xml
+deleted file mode 100644
+index 7357f4c..0000000
+--- a/man/firewall-settings.xml
++++ /dev/null
+@@ -1,284 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="firewall-settings">
+- <refentryinfo>
+- <title>firewall-settings</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>firewall-settings</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>firewall-settings</refname>
+- <refpurpose>Firewall Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>firewall-settings</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>firewall-settings <replaceable>KEY=VALUE</replaceable></command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>firewall-settings</command> command may be used to set
+- global firewall settingsuration options.
+- </para>
+- <para>
+- Please have a look at the individual man pages for more options.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- If no additional argument is given, running the command will
+- dump a list of all settingsuration variables and their current values.
+- </para>
+-
+- <para>
+- You may set a new value by adding the variable name and the new
+- value to the command line.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Variables</title>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <varname>CONNTRACK_MAX_CONNECTIONS</varname> = <replaceable>16384</replaceable>
+- </term>
+-
+- <listitem>
+- <para>
+- Limits the max. number of simultaneous connections.
+- </para>
+- <para>
+- Modify this if you want to handle a larger number of concurrent
+- connections. Every connection will use approx. 16 kBytes of memory.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>CONNTRACK_UDP_TIMEOUT</varname> = <replaceable>60</replaceable>
+- </term>
+-
+- <listitem>
+- <para>
+- Defines the timeout (in seconds) the kernel will wait until
+- a half-assured UDP connection is fully established.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_ACCEPT_ICMP_REDIRECTS</varname> = [true|<emphasis>false</emphasis>]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable if you want to accept ICMP redirect messages.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_CLAMP_PATH_MTU</varname> = [true|<emphasis>false</emphasis>]
+- </term>
+-
+- <listitem>
+- <para>
+- If Path MTU Discovery does not work well, enable this option.
+- It sets the MSS value of a packet so that the remote site would
+- never send a packet bigger than the MSS value.
+- </para>
+- <para>
+- No ICMP packets are needed to make this work, so use this on
+- networks with broken ICMP filtering.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_DEFAULT_TTL</varname> = <replaceable>64</replaceable>
+- </term>
+-
+- <listitem>
+- <para>
+- Here you can change the default TTL used for sending packets.
+- </para>
+- <para>
+- The given value must be between 10 and 255.
+- Don't mess with this unless you know what you are doing.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_LOG_BAD_TCP_FLAGS</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable this to log TCP packets with bad flags or options.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_LOG_INVALID_ICMP</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable this to log INVALID ICMP packets.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_LOG_INVALID_TCP</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable this to log INVALID TCP packets.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_LOG_INVALID_UDP</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable this to log INVALID UDP packets.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_LOG_MARTIANS</varname> = [true|<emphasis>false</emphasis>]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable this to log packets with impossible addresses.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_LOG_STEALTH_SCANS</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable this to log all stealth scans.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_PMTU_DISCOVERY</varname> = [true|<emphasis>false</emphasis>]
+- </term>
+-
+- <listitem>
+- <para>
+- Enables Path MTU Discovery.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_RP_FILTER</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable to drop connection from non-routable IPs,
+- e.g. prevent source routing.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_SYN_COOKIES</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enable for SYN-flood protection.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>FIREWALL_USE_ECN</varname> = [<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- Enables the ECN (Explicit Congestion Notification) TCP flag.
+- </para>
+- <para>
+- Some routers on the Internet still do not support ECN properly,
+- so this is not enabled by default.
+- When this setting is disabled, ECN is only advertised
+- when asked for.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>firewall</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
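Review bot: The converted SETTINGS section in man/firewall-settings.txt no longer says which value each boolean defaults to. Headings such as `=== FIREWALL_RP_FILTER = [true|false]` and `=== FIREWALL_SYN_COOKIES = [true|false]` list both values with equal weight, while the removed XML marked the default with `<emphasis>`. For settings that control reverse-path filtering, SYN-flood protection and logging, an administrator reading the page can no longer tell what an untouched system does. I would add a line such as `Default: true` under each heading, or emphasise the default in the heading. The values should come from the code rather than the old page, because the old FIREWALL_USE_ECN entry emphasised `true` while its text said ECN is not enabled by default, and that sentence was dropped here as well.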
new file mode 100644
@@ -0,0 +1,144 @@
+From c601b69e5d8db595fee00241702ee8bd2689c49e Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 21:24:48 +0200
+Subject: [PATCH 068/304] man: Convert network-description(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 -
+ man/include-description.txt | 11 +++++
+ man/network-description.xml | 92 -------------------------------------
+ 3 files changed, 11 insertions(+), 93 deletions(-)
+ create mode 100644 man/include-description.txt
+ delete mode 100644 man/network-description.xml
+
+diff --git a/Makefile.am b/Makefile.am
+index 55d5d18..287a111 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -456,7 +456,6 @@ MANPAGES = \
+ man/firewall-settings.8 \
+ man/network.8 \
+ man/network-color.8 \
+- man/network-description.8 \
+ man/network-device.8 \
+ man/network-dhcp.8 \
+ man/network-dns-server.8 \
+diff --git a/man/include-description.txt b/man/include-description.txt
+new file mode 100644
+index 0000000..a39ba55
+--- /dev/null
++++ b/man/include-description.txt
+@@ -0,0 +1,11 @@
++'description edit'::
++ This command opens an editor and allows you to edit title and description.
++
++ NOTE: The formation of the description is similar to a git commit.
++ Every description has a title, the first line of the description.
++ The title is shown on the status page and in the web user interface.
++ It should be something short like "Office Lan" or "DMZ".
++ After the title can follow a longer description.
++
++'description show'::
++ Prints the description.
+diff --git a/man/network-description.xml b/man/network-description.xml
+deleted file mode 100644
+index f1722b4..0000000
+--- a/man/network-description.xml
++++ /dev/null
+@@ -1,92 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-color">
+- <refentryinfo>
+- <title>networ-color</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Jonatan</firstname>
+- <surname>Schlag</surname>
+- <email>jonatan.schlag@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-description</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-description</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>description</command> command make it possible to add descriptions to zone and ports.
+- A description is similar to a git commit. Every description has a title, the first line of the describtion file.
+- The title is shown on the status page and in the webinterface. It should be something short like Office Lan or DMZ.
+- After the title can follow a longer description. You can write whatever you want.
+- This longer description is shown via the <command>show</command> command
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>edit</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command opens an editor and allows you to edit title and description.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command>show</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command prints title and the longer description in a nice way.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-port</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,254 @@
+From 9d2265232d8a1c399617e347bda66a8019d8b36d Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 21:40:53 +0200
+Subject: [PATCH 069/304] man: Convert network-device(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-device.txt | 61 +++++++++++++++
+ man/network-device.xml | 165 -----------------------------------------
+ 2 files changed, 61 insertions(+), 165 deletions(-)
+ create mode 100644 man/network-device.txt
+ delete mode 100644 man/network-device.xml
+
+diff --git a/man/network-device.txt b/man/network-device.txt
+new file mode 100644
+index 0000000..33fcefa
+--- /dev/null
++++ b/man/network-device.txt
+@@ -0,0 +1,61 @@
++network(8)
++==========
++
++NAME
++----
++network-device - Controls network devices
++
++SYNOPSIS
++--------
++[verse]
++'network device' [<options>] <command> ...
++
++DESCRIPTION
++-----------
++The 'network device' command shows low-level status information
++of network devices and other things.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'list'::
++ This command shows a list of all device that are currently present
++ on this system. This includes PHYs and serial devices as well.
++
++'DEVICE discover'::
++ Runs a discovery for many hooks on the given device.
++
++ This will check if the hook can find for example a DHCP server or
++ DSLAM and thus predict for what the device should be used.
++
++'DEVICE identify'::
++ This command only works for Ethernet adapters and will make those
++ that support this feature flash for a few seconds.
++
++ It is handy to find the right device to put the cable in.
++
++'DEVICE monitor'::
++ This command creates a monitor interface for wireless modules.
++
++ An instance of link:tcpdump[8] will be started and show all
++ frames that are sent or received on the 802.11 layer (layer 2).
++
++'DEVICE status'::
++ This will show you very detailed information about the given device.
++
++'DEVICE unlock'::
++ This command will unlock the SIM card in a modem.
++ Only serial devices are supported which are the most 4G or 3G modems.
++
++ For the PIN or PUK code, the user will be prompted.
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8]
++link:network-port[8]
++link:network-zone[8]
+diff --git a/man/network-device.xml b/man/network-device.xml
+deleted file mode 100644
+index 11dc04e..0000000
+--- a/man/network-device.xml
++++ /dev/null
+@@ -1,165 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-device">
+- <refentryinfo>
+- <title>network-device</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-device</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-device</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network device <arg choice="plain">COMMAND</arg></command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- With help of the <command>device</command> subcommands, it is very easy
+- to get status information about network devices and to do some more
+- things.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>list</command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>list</command> command will show a list
+- of all devices that are currently plugged in or active
+- on the system.
+- This includes PHYs and serial devices as well.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>DEVICE</replaceable> status</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This will show you very detailed information about the given
+- device.
+- </para>
+- <para>
+- This is all about the ethernet parts of the device and
+- does not contain any IP information as this is defined
+- as a zone (<citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>).
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>DEVICE</replaceable> identify</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command only works for Ethernet adapters and will
+- make those that support this feature flash for a few
+- seconds.
+- It is handy to find the right device to put the cable in.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>DEVICE</replaceable> discover</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Runs a discovery for many hooks on the given device.
+- This will check if the hook can find for example a DHCP
+- server or DSLAM and thus predict for what the device
+- should be used.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>DEVICE</replaceable> unlock</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command will unlock the SIM card in a modem.
+- Only serial devices are supported which are the most
+- UMTS or 3G modems.
+- </para>
+- <para>
+- For the PIN or PUK code, the user will be prompted.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>DEVICE</replaceable> monitor</command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>monitor</command> command is used to
+- create a monitor interface for wireless modules.
+- An instance of tcpdump will be started and show
+- all frames that are sent or received on the 802.11
+- layer (layer 2) of the wireless network.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
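Review bot: The title block of man/network-device.txt reads `network(8)` although the NAME section and the file name say network-device. The other pages converted in this series (network-color.txt, firewall-settings.txt) use their own name there. AsciiDoc's manpage doctype takes the page title and section from this line, so the rendered header would presumably claim to be network(8). I would change it to `network-device(8)` with a matching 17-character `=` underline. man/network-dhcp.txt in PATCH 070 has the same header and needs `network-dhcp(8)`.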
new file mode 100644
@@ -0,0 +1,217 @@
+From c6e12dc53a1e65a0089ee0ddb0573a29bc2acd8a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 21:46:49 +0200
+Subject: [PATCH 070/304] man: Convert network-dhcp(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-dhcp.txt | 44 +++++++++++++
+ man/network-dhcp.xml | 145 -------------------------------------------
+ 2 files changed, 44 insertions(+), 145 deletions(-)
+ create mode 100644 man/network-dhcp.txt
+ delete mode 100644 man/network-dhcp.xml
+
+diff --git a/man/network-dhcp.txt b/man/network-dhcp.txt
+new file mode 100644
+index 0000000..a448619
+--- /dev/null
++++ b/man/network-dhcp.txt
+@@ -0,0 +1,44 @@
++network(8)
++==========
++
++NAME
++----
++network-dhcp - Controls the DHCP Server
++
++SYNOPSIS
++--------
++[verse]
++'network dhcpv6' <command> ...
++'network dhcpv4' <command> ...
++
++DESCRIPTION
++-----------
++With help of the DHCP commands it is possible to configure DHCP
++servers for IPv6 and IPv4.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'start'::
++ Starts the DHCP server.
++
++'stop'::
++ Stops the DHCP server.
++
++'restart'::
++ Restarts the DHCP server.
++
++'reload'::
++ Reload the DHCP server configuration.
++
++'subnet ...'::
++ TODO
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8]
+diff --git a/man/network-dhcp.xml b/man/network-dhcp.xml
+deleted file mode 100644
+index cc081bb..0000000
+--- a/man/network-dhcp.xml
++++ /dev/null
+@@ -1,145 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-dhcp">
+- <refentryinfo>
+- <title>network-dhcp</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-dhcp</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-dhcp</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network <arg choice="plain">[dhcpv6|dhcpv4]</arg> <arg choice="plain">command</arg> ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- With help of the <command>dhcp</command> commands it is possible to
+- configure DHCP servers for IPv6 and IPv4.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>start</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Starts the DHCP service.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>stop</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Stops the DHCP service.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>restart</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Restarts the DHCP service immediately.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>reload</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Reload the DHCP service configuration.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>show</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Shows the DHCP configuration.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>subnet ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Use this command to manage subnets.
+- See <citerefentry>
+- <refentrytitle>network-dhcp-subnet</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-dhcp-subnet</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
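Review bot: The `'subnet ...'::` entry in man/network-dhcp.txt has the placeholder `TODO` as its whole description, where the removed XML pointed readers to network-dhcp-subnet(8). The `show` command and the network-dhcp-subnet entry under SEE ALSO were also dropped in the conversion, and the diff does not show whether that is intentional. Until the subnet text is written I would keep the pointer, e.g. `Manages subnets. See link:network-dhcp-subnet[8] for details.`, and restore `link:network-dhcp-subnet[8]` under SEE ALSO if that page still exists.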
new file mode 100644
@@ -0,0 +1,306 @@
+From 063089cbdb2745248bd8556e87de4a0d2bc8091d Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 21:59:01 +0200
+Subject: [PATCH 071/304] man: Convert network-dns-server(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-dns-server.txt | 75 ++++++++++++++
+ man/network-dns-server.xml | 203 -------------------------------------
+ 2 files changed, 75 insertions(+), 203 deletions(-)
+ create mode 100644 man/network-dns-server.txt
+ delete mode 100644 man/network-dns-server.xml
+
+diff --git a/man/network-dns-server.txt b/man/network-dns-server.txt
+new file mode 100644
+index 0000000..bd01ca7
+--- /dev/null
++++ b/man/network-dns-server.txt
+@@ -0,0 +1,75 @@
++network-dns-server(8)
++=====================
++
++NAME
++----
++network-dns-server - Controls the DNS settings
++
++SYNOPSIS
++--------
++[verse]
++'network dns-server' add SERVER [PRIORITY]
++'network dns-server' remove SERVER
++'network dns-server' list
++'network dns-server' update
++
++DESCRIPTION
++-----------
++With this command, you will be able to configure the local DNS
++configuration.
++
++You may add and remove DNS servers as well as view the settings.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'add' SERVER [PRIORITY]::
++ A new DNS server may be added to the list by the
++ 'add' command.
++ A priority that will rank the server my optionally be given.
++
++ NOTE: SERVER must be a valid IP address and PRIORITY
++ must be a positive number.
++ The smaller this number, the higher is is the rank of
++ the server.
++
++'remove' SERVER::
++ The given server will be removed from the list of DNS servers.
++
++'list'::
++ Shows a list of all servers that are currently in use.
++
++'update'::
++ This command will re-create the system's configuration
++ files. It should not be required to use this command
++ very often.
++
++SETTINGS
++--------
++The following settings may be set using link:network-settings[8]:
++
++'DNS_USE_LOCAL_RESOLVER = [true|false]'::
++ This option defines whether the local DNS resolver should
++ be used or not.
++
++ Basically, the option adds localhost to the list of nameservers
++ in link:resolv.conf[5].
++
++'DNS_SEARCH_DOMAINS ='::
++ This setting configures the search domains for DNS queries
++ made by the local system.
++
++'DNS_RANDOMIZE = [true|false]'::
++ This option will break the DNS server ranks and will query
++ them in a random order which is useful to load-balance
++ multiple DNS servers.
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8],
++link:network-settings[8]
+diff --git a/man/network-dns-server.xml b/man/network-dns-server.xml
+deleted file mode 100644
+index aec52d4..0000000
+--- a/man/network-dns-server.xml
++++ /dev/null
+@@ -1,203 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-dns-server">
+- <refentryinfo>
+- <title>network-dns-server</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-dns-server</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-dns-server</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network dns-server <arg choice="plain">[add|remove]</arg> <arg choice="plain">SERVER</arg> [<arg choice="plain">PRIORITY</arg>]</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network dns-server <arg choice="plain">[list|update]</arg></command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- With help of the <command>dns-server</command> subcommand, you will
+- be able to configure the local DNS configuration.
+- DNS is short for Domain Name System.
+- </para>
+- <para>
+- You may add and remove DNS servers as well as view the settings.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>
+- add
+- <replaceable>SERVER</replaceable>
+- [<replaceable>PRIORITY</replaceable>]
+- </command>
+- </term>
+-
+- <listitem>
+- <para>
+- A new DNS server may be added to the list by the
+- <command>add</command> command. A priority that will
+- rank the server my optionally be given.
+- </para>
+- <para>
+- <replaceable>SERVER</replaceable> must be a valid IP address
+- and <replaceable>PRIORITY</replaceable> must be a positive
+- integer number. The smaller this number, the higher is
+- is the rank of the server.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>
+- remove
+- <replaceable>SERVER</replaceable>
+- </command>
+- </term>
+-
+- <listitem>
+- <para>
+- The given server will be removed from the list of
+- DNS servers.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>list</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Shows a list of all servers that are currently in use.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>update</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command will re-create the system's configuration
+- files. It should not be required to use this command
+- very often.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>Variables</title>
+-
+- <para>
+- These variables may be set by using the <citerefentry>
+- <refentrytitle>network-settings</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> command.
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <varname>DNS_USE_LOCAL_RESOLVER</varname>=[<emphasis>true</emphasis>|false]
+- </term>
+-
+- <listitem>
+- <para>
+- This option defines whether the local DNS resolver should
+- be used or not.
+- </para>
+- <para>
+- Basically, the option adds localhost to the list of
+- nameservers in <citerefentry>
+- <refentrytitle>resolv.conf</refentrytitle>
+- <manvolnum>5</manvolnum>
+- </citerefentry>.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>DNS_SEARCH_DOMAINS</varname>=
+- </term>
+-
+- <listitem>
+- <para>
+- This setting configures the search domains for DNS queries
+- made by the local system.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>DNS_RANDOMIZE</varname>=[true|<emphasis>false</emphasis>]
+- </term>
+-
+- <listitem>
+- <para>
+- This option will break the DNS server ranks and will query
+- them in a random order which is useful to load-balance
+- multiple DNS servers.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-settings</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,135 @@
+From c20f292770a6423c112b7f96d724bb13c4019d2a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 22:04:08 +0200
+Subject: [PATCH 072/304] man: Convert network-performance-tuning(8) to
+ asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-performance-tuning.txt | 33 ++++++++++++++
+ man/network-performance-tuning.xml | 73 ------------------------------
+ 2 files changed, 33 insertions(+), 73 deletions(-)
+ create mode 100644 man/network-performance-tuning.txt
+ delete mode 100644 man/network-performance-tuning.xml
+
+diff --git a/man/network-performance-tuning.txt b/man/network-performance-tuning.txt
+new file mode 100644
+index 0000000..763ee21
+--- /dev/null
++++ b/man/network-performance-tuning.txt
+@@ -0,0 +1,33 @@
++network-performance-tuning(8)
++=============================
++
++NAME
++----
++network-performance-tuning - Performance Tuning for Networking
++
++DESCRIPTION
++-----------
++This page contains a summary of some performance tuning techniques
++that this system is using.
++
++=== SMP Affinity
++
++This system is automatically using SMP affinity for every physical
++network controller, if supported.
++
++A processor core is assigned to handle all interrupts of a certain
++network controller which will result in minimising cache misses,
++reducing network latency and quite possibly increasing throughput.
++
++The algorithm is trying to balance all network controllers across
++all processors.
++
++See /proc/interrups for the distribution of interrupts.
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8]
+diff --git a/man/network-performance-tuning.xml b/man/network-performance-tuning.xml
+deleted file mode 100644
+index 898f142..0000000
+--- a/man/network-performance-tuning.xml
++++ /dev/null
+@@ -1,73 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-performance-tuning">
+- <refentryinfo>
+- <title>network-performance-tuning</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-performance-tuning</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-performance-tuning</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- This page contains a summary of some performance tuning techniques
+- that this system is using.
+- </para>
+- </refsect1>
+-
+- <refsect2>
+- <title>SMP Affinity</title>
+-
+- <para>
+- This system is automatically using SMP affinity for every physical
+- network controller, if supported.
+- </para>
+-
+- <para>
+- A processor core is assigned to handle all interrupts of a certain
+- network controller which will result in minimising cache misses,
+- reducing network latency and quite possibly increasing throughput.
+- </para>
+-
+- <para>
+- The algorithm is trying to balance all network controllers across
+- all processors.
+- </para>
+-
+- <para>
+- See /proc/interrups for the distribution of interrupts.
+- </para>
+- </refsect2>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,370 @@
+From 065346332054e3b2be85bee3f6d71a3dc34d6275 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 22:27:40 +0200
+Subject: [PATCH 073/304] man: Convert network-port(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-port.txt | 97 +++++++++++++++++
+ man/network-port.xml | 245 -------------------------------------------
+ 2 files changed, 97 insertions(+), 245 deletions(-)
+ create mode 100644 man/network-port.txt
+ delete mode 100644 man/network-port.xml
+
+diff --git a/man/network-port.txt b/man/network-port.txt
+new file mode 100644
+index 0000000..08b9e90
+--- /dev/null
++++ b/man/network-port.txt
+@@ -0,0 +1,97 @@
++network-port(8)
++===============
++
++NAME
++----
++network-port - Controls Network Ports
++
++SYNOPSIS
++--------
++[verse]
++'network port' new HOOK ...
++'network port' destroy PORT
++'network port' PORT color
++'network port' PORT create
++'network port' PORT description edit
++'network port' PORT description show
++'network port' PORT down
++'network port' PORT edit ...
++'network port' PORT identify
++'network port' PORT remove
++'network port' PORT status
++'network port' PORT up
++
++DESCRIPTION
++-----------
++This command creates, deletes, changes and views the configuration
++and status of ports.
++
++NOTE: A port is a physical or virtual device that is directly connected
++to an other network. It connects those and zones together.
++The 'network device' command shows status information of network devices
++and other things.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'new' HOOK ...::
++ A new port may be created with this command.
++ HOOK must be a valid hook which may require more options.
++
++'destroy' PORT::
++ Destroys the port PORT.
++ The port is removed from any zones it is attached to and shut down.
++
++For all other commands, the name of the port needs to be passed first:
++
++'color'::
++ This command allows settings a color for a port.
++ See link:network-color[8] for more information.
++
++'create'::
++ This will create devices for the existing port PORT.
++
++ This does not create a new port. It will just create the (possibly
++ virtual) interface this port (i.e. create an interface for a WiFi
++ module or a VLAN device).
++
++ The interface is not brought up. Use the 'up' command to do that.
++
++include::include-description.txt[]
++
++'down'::
++ Shuts down the port.
++
++'edit'::
++ This command can be used to alter the configuration of a port.
++ Consult the documentation of the port hook to find out what is supported.
++
++'identify'::
++ This command will make the port flash for a few seconds
++ so that you can identify the correct network adapters
++ in the system.
++
++ This is not supported by all network adapters.
++
++'remove'::
++ This will remove an existing PORT.
++
++ This does not destroy the port. It inverses the operation performed
++ by the 'create' command.
++
++'status'::
++ This will show some detailed information about the status
++ of the specified port.
++
++'up'::
++ Brings up the port. It has to be created first.
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8],
++link:network-zone[8]
+diff --git a/man/network-port.xml b/man/network-port.xml
+deleted file mode 100644
+index 5c0a8ae..0000000
+--- a/man/network-port.xml
++++ /dev/null
+@@ -1,245 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-port">
+- <refentryinfo>
+- <title>network-port</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-port</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-port</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network port <arg choice="plain">[new|destroy]</arg> <replaceable>PORT</replaceable> ...</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network port <replaceable>PORT</replaceable> <arg choice="plain">command</arg> ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- With help of the <command>port</command> command, you can create, delete,
+- change and view the configuration and status of ports.
+- </para>
+-
+- <para>
+- A port is a physical or virtual device that is directly connected
+- to an other network. If connects those and zones together.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>new <replaceable>HOOK</replaceable> <arg choice="opt" rep="repeat">ARGUMENTS</arg></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A new port may be created by the <command>new</command>
+- command.
+- </para>
+- <para>
+- <replaceable>HOOK</replaceable> must be a valid
+- hook which may require more <replaceable>ARGUMENTS</replaceable>.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>destroy <replaceable>PORT</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A port can be destroyed with this command.
+- </para>
+- <para>
+- The port is removed from any zones it is attached
+- to and shut down.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+-
+- <para>
+- For all other commands, the name of the port needs to be passed first:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> create</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This will create an existing <replaceable>PORT</replaceable>.
+- </para>
+- <para>
+- This does not create a new port. It will just create the (possibly
+- virtual) interface this port (i.e. create an interface for a WiFi
+- module or a VLAN device).
+- </para>
+- <para>
+- The interface is not brought up. Use the <command>up</command> command
+- to do that.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> remove</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This will remove an existing <replaceable>PORT</replaceable>.
+- </para>
+- <para>
+- This does not destroy the port. It inverses the operation performed
+- by the <command>create</command> command.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> [up|down]</command>
+- </term>
+-
+- <listitem>
+- <para>
+- These commands will bring the port up or down. It has to be
+- created first.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> color</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows settings a color for a port.
+- See
+- <citerefentry>
+- <refentrytitle>network-color</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- for more information.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable>description</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows you to add a description to a port.
+- See
+- <citerefentry>
+- <refentrytitle>network-description</refentrytitle>
+- <manvolnum>8</manvolnum>,
+- </citerefentry>
+- for more information.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> edit <arg choice="opt" rep="repeat">ARGUMENTS</arg></command>
+- </term>
+-
+- <listitem>
+- <para>
+- The <command>edit</command> command can be used to alter
+- the configuration of a port. Consult the documentation of the
+- port hook to find out which <replaceable>ARGUMENTS</replaceable>
+- are supported.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> status</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This will show some detailed information about the state
+- if the specified port.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>PORT</replaceable> identify</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command will make the port flash for a few seconds
+- so that you can identify the correct network adapters
+- in the system.
+- </para>
+- <para>
+- This is not supported by all network adapters.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>,
+- </citerefentry>
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,275 @@
+From 27b9807e568edee69afa758481be164662770901 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 22:40:35 +0200
+Subject: [PATCH 074/304] man: Converting network-quick-start(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-quick-start.txt | 92 +++++++++++++++++++++
+ man/network-quick-start.xml | 155 ------------------------------------
+ 2 files changed, 92 insertions(+), 155 deletions(-)
+ create mode 100644 man/network-quick-start.txt
+ delete mode 100644 man/network-quick-start.xml
+
+diff --git a/man/network-quick-start.txt b/man/network-quick-start.txt
+new file mode 100644
+index 0000000..02ebfe0
+--- /dev/null
++++ b/man/network-quick-start.txt
+@@ -0,0 +1,92 @@
++network-quick-start(8)
++======================
++
++NAME
++----
++network-quick-start - Quick Start Guide for Networking
++
++DESCRIPTION
++-----------
++The link:network[8] is a very powerful command that allows you to configure
++the entire networking stack.
++Unfortunately that makes it quite complicated to use as well.
++
++This guide tries to be a good starting point to set up basic networking with
++the 'network' command.
++
++=== Adding an Uplink Zone
++
++The first step is to create a new uplink zone with name 'upl0'.
++
++This zone will be of the link:network-zone-bridge[8] type which is the default
++for all local networks.
++
++------------
++# network zone new upl0 bridge
++------------
++
++The zone will be created and brought up immediately.
++
++=== Attaching Ports
++
++To connect the zone to the physical world outside of our box we will need
++to attach ports to the zone. That is done with a single command.
++To execute this command, we will need to know which ports are available.
++One of the easiest way to find out about that is to use the auto-completion
++feature of the shell like this:
++
++------------
++# network zone upl0 port attach [TAB] [TAB]
++------------
++
++That will list all not yet attached ports. The following command will actually
++attach the port (which is 'p0' in this example).
++
++-----------
++# network zone upl0 port attach p0
++-----------
++
++You can as well get a list of all detected devices, zones and ports by running:
++
++-----------
++# network device list
++-----------
++
++To a zone of the 'bridge' type you may attach more than just one port if you
++wish to.
++
++=== IP Connectivity
++
++After a zone has been created and ports have been attached, you are now
++able to add IP connectivity.
++
++The easiest way to do that is using DHCP which can be enabled by this simple command:
++
++------------
++# network zone upl0 config new dhcp
++------------
++
++=== Debugging
++
++You may see the current status of the network by running this command:
++
++------------
++# network status
++------------
++
++The entire network can be restarted by running:
++
++------------
++# network restart
++------------
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8],
++link:network-device[8],
++link:network-port[8],
++link:network-zone[8]
+diff --git a/man/network-quick-start.xml b/man/network-quick-start.xml
+deleted file mode 100644
+index ea79700..0000000
+--- a/man/network-quick-start.xml
++++ /dev/null
+@@ -1,155 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network">
+- <refentryinfo>
+- <title>network-quick-start</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-quick-start</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-quick-start</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsect1>
+- <title>Quick Start Guide</title>
+-
+- <para>
+- The <command>network</command> is a very powerful command that allows
+- you to configure the entire networking stack. Unfortunately that makes
+- it quite complicated to use as well.
+- This guide tries to be a good starting point to set up basic networking
+- with the <command>network</command> command.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Add an uplink zone</title>
+-
+- <para>
+- The first step is to create a new uplink zone with name
+- <replaceable>upl0</replaceable>.
+- This zone will be of the <replaceable>bridge</replaceable> type which is
+- the default for all local networks.
+- </para>
+-
+- <programlisting># network zone new <replaceable>upl0</replaceable> <replaceable>bridge</replaceable></programlisting>
+-
+- <para>
+- The zone will be created and brought up immediately.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Attaching ports</title>
+-
+- <para>
+- To connect the zone to the physical world outside of our box we will need
+- to attach ports to the zone.
+- That is done with a single command.
+- To execute this command, we will need to know which ports are available.
+- One of the easiest way to find out about that is to use the auto-completion
+- feature of the shell like this:
+- </para>
+-
+- <programlisting># network zone <replaceable>upl0</replaceable> port attach [TAB] [TAB]</programlisting>
+-
+- <para>
+- That will list all not yet attached ports.
+- The following command will actually attach the port
+- (which is <replaceable>p0</replaceable> in this example).
+- </para>
+-
+- <programlisting># network zone <replaceable>upl0</replaceable> port attach <replaceable>p0</replaceable></programlisting>
+-
+- <para>
+- You can as well get a list of all detected devices,
+- zones and ports by running:
+- </para>
+-
+- <programlisting># network device list</programlisting>
+-
+- <para>
+- To a zone of the <replaceable>bridge</replaceable> type you may attach more
+- than just one port if you wish so.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>IP connectivity</title>
+-
+- <para>
+- After a zone has been created and ports have been attached, you are now
+- able to add IP connectivity.
+- The easiest way to do that is using DHCP which can be enabled by this
+- simple command:
+- </para>
+-
+- <programlisting># network zone <replaceable>upl0</replaceable> config new <replaceable>ipv6-dhcp</replaceable></programlisting>
+-
+- <para>
+- And for IPv4:
+- </para>
+-
+- <programlisting># network zone <replaceable>upl0</replaceable> config new <replaceable>ipv4-dhcp</replaceable></programlisting>
+- </refsect1>
+-
+- <refsect1>
+- <title>Debugging</title>
+-
+- <para>
+- You may see the current status of the network by running this command:
+- </para>
+-
+- <programlisting># network status</programlisting>
+-
+- <para>
+- The entire network can be restarted by running:
+- </para>
+-
+- <programlisting># network restart</programlisting>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-config</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-device</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-port</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,55 @@
+From d28ccf91678256bc299fed2c10b066682487b1e9 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 22:53:20 +0200
+Subject: [PATCH 075/304] man: Use include for color commands
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/include-color.txt | 9 +++++++++
+ man/network-port.txt | 7 +++----
+ 2 files changed, 12 insertions(+), 4 deletions(-)
+ create mode 100644 man/include-color.txt
+
+diff --git a/man/include-color.txt b/man/include-color.txt
+new file mode 100644
+index 0000000..073c01b
+--- /dev/null
++++ b/man/include-color.txt
+@@ -0,0 +1,9 @@
++'color set <color>'::
++ The color is set with this command and required to be passed in
++ RGB hex formatting
++
++ NOTE: The color is being used to make identification of network devices
++ easier on the command line and web user interface.
++
++'color reset'::
++ Resets the color to blank.
+diff --git a/man/network-port.txt b/man/network-port.txt
+index 08b9e90..0c26f33 100644
+--- a/man/network-port.txt
++++ b/man/network-port.txt
+@@ -10,7 +10,8 @@ SYNOPSIS
+ [verse]
+ 'network port' new HOOK ...
+ 'network port' destroy PORT
+-'network port' PORT color
++'network port' PORT color set <color>
++'network port' PORT color reset
+ 'network port' PORT create
+ 'network port' PORT description edit
+ 'network port' PORT description show
+@@ -45,9 +46,7 @@ The following commands are understood:
+
+ For all other commands, the name of the port needs to be passed first:
+
+-'color'::
+- This command allows settings a color for a port.
+- See link:network-color[8] for more information.
++include::include-color.txt[]
+
+ 'create'::
+ This will create devices for the existing port PORT.
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,72 @@
+From 7c329515f1e23231c315d41b55c4d9bea58c7d1c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 22:54:02 +0200
+Subject: [PATCH 076/304] man: Drop old network-color(8) man page
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 -
+ man/network-color.txt | 39 ---------------------------------------
+ 2 files changed, 40 deletions(-)
+ delete mode 100644 man/network-color.txt
+
+diff --git a/Makefile.am b/Makefile.am
+index 287a111..26f2e9c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -455,7 +455,6 @@ INSTALL_DIRS += \
+ MANPAGES = \
+ man/firewall-settings.8 \
+ man/network.8 \
+- man/network-color.8 \
+ man/network-device.8 \
+ man/network-dhcp.8 \
+ man/network-dns-server.8 \
+diff --git a/man/network-color.txt b/man/network-color.txt
+deleted file mode 100644
+index f3be474..0000000
+--- a/man/network-color.txt
++++ /dev/null
+@@ -1,39 +0,0 @@
+-network-color(8)
+-================
+-
+-NAME
+-----
+-network-color - Allows assigning a color to a zone or port
+-
+-SYNOPSIS
+---------
+-[verse]
+-'network' [zone ZONE|port PORT] color set AABBCC
+-'network' [zone ZONE|port PORT] reset
+-
+-DESCRIPTION
+------------
+-The 'color' command helps to manage colors for zones and ports.
+-The color is being used to make identification of a zone or port easier on the
+-command line and web user interface.
+-
+-COMMANDS
+---------
+-The following commands are understood:
+-
+-'set' [AABBCC]::
+- The color of a zone or port is set with the 'set' command.
+- It is required to pass a color in hex formatting.
+-
+-'reset'::
+- Resets the color of a zone or port to blank.
+-
+-AUTHOR
+-------
+-Jonatan Schlag
+-
+-SEE ALSO
+---------
+-link:network[8]
+-link:network-zone[8]
+-link:network-port[8]
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,38 @@
+From ec3a18b8cf262977d6fd73cee231338ce1b96ffd Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 30 Sep 2018 22:55:51 +0200
+Subject: [PATCH 077/304] man: Fix page headers
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-device.txt | 4 ++--
+ man/network-dhcp.txt | 4 ++--
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/man/network-device.txt b/man/network-device.txt
+index 33fcefa..4f1c1b0 100644
+--- a/man/network-device.txt
++++ b/man/network-device.txt
+@@ -1,5 +1,5 @@
+-network(8)
+-==========
++network-device(8)
++=================
+
+ NAME
+ ----
+diff --git a/man/network-dhcp.txt b/man/network-dhcp.txt
+index a448619..bcb768e 100644
+--- a/man/network-dhcp.txt
++++ b/man/network-dhcp.txt
+@@ -1,5 +1,5 @@
+-network(8)
+-==========
++network-dhcp(8)
++===============
+
+ NAME
+ ----
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,157 @@
+From 70172845e300fb2bf491d471224bd087b0c4e0f4 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 15:08:46 +0200
+Subject: [PATCH 078/304] man: Convert network-route(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-route.txt | 32 ++++++++++++++
+ man/network-route.xml | 97 -------------------------------------------
+ 2 files changed, 32 insertions(+), 97 deletions(-)
+ create mode 100644 man/network-route.txt
+ delete mode 100644 man/network-route.xml
+
+diff --git a/man/network-route.txt b/man/network-route.txt
+new file mode 100644
+index 0000000..bf3ddb4
+--- /dev/null
++++ b/man/network-route.txt
+@@ -0,0 +1,32 @@
++network-route(8)
++================
++
++NAME
++----
++network-route - Manage Routing
++
++SYNOPSIS
++--------
++[verse]
++'network route' COMMAND ...
++
++DESCRIPTION
++-----------
++This command helps to manage routes.
++
++COMMANDS
++--------
++The following commands are understood:
++
++'static' ...::
++ Static routes are managed by the 'static' command followed by the options
++ for static routes which are described in link:network-route-static[8]
++
++AUTHORS
++-------
++Michael Tremer
++
++SEE ALSO
++--------
++link:network[8],
++link:network-route-static[8]
+diff --git a/man/network-route.xml b/man/network-route.xml
+deleted file mode 100644
+index 207a5ce..0000000
+--- a/man/network-route.xml
++++ /dev/null
+@@ -1,97 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-route">
+- <refentryinfo>
+- <title>network-route</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-route</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-route</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network route <arg choice="plain">COMMAND</arg></command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>route</command> helps to manage routes.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>static</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Static routes are managed by the <command>static</command> command
+- followed by the options for static routes which are described in:
+- <citerefentry>
+- <refentrytitle>network-route-static</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>Route Types</title>
+-
+- <refsect2>
+- <title>static</title>
+-
+- <para>
+- A static route is a route which does not change when the network changes.
+- </para>
+- </refsect2>
+-</refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-route-static</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,26 @@
+From 82003431a4998e04e0e67f12ee6c3b6e5e802901 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 15:10:49 +0200
+Subject: [PATCH 079/304] .gitignore: Ignore DS_Store
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ .gitignore | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/.gitignore b/.gitignore
+index 36c85a1..bb093d3 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -14,6 +14,8 @@
+ /*.tar.bz2
+ /*.tar.gz
+ /*.tar.xz
++.DS_Store
++._.DS_Store
+ *.log
+ *.cache
+ *.la
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,280 @@
+From d715390e9b1c4cc72bd22b915a842acc96912108 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 15:34:19 +0200
+Subject: [PATCH 080/304] man: Convert network-route-static(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-route-static.txt | 69 +++++++++++++
+ man/network-route-static.xml | 183 -----------------------------------
+ 2 files changed, 69 insertions(+), 183 deletions(-)
+ create mode 100644 man/network-route-static.txt
+ delete mode 100644 man/network-route-static.xml
+
+diff --git a/man/network-route-static.txt b/man/network-route-static.txt
+new file mode 100644
+index 0000000..d4774b2
+--- /dev/null
++++ b/man/network-route-static.txt
+@@ -0,0 +1,69 @@
++= network-route-static(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-route - Manage Static Routing
++
++== SYNOPSIS
++[verse]
++'network route static' COMMAND ...
++'network route static add' NETWORK [--gateway=GATEWAY,--unreachable,--prohibit,--blackhole] [--mtu=MTU]
++'network route static remove' NETWORK
++'network route static list' [--protocol=ipv6|ipv4]
++
++== DESCRIPTION
++This command helps to manage routes.
++
++== COMMANDS
++The following commands are understood:
++
++'add' NETWORK ...::
++ A new route may be added by the 'add' command. It is required to pass a
++ valid network prefix NETWORK, which can be either IPv6 or IPv4.
++ +
++ For unicast routes, the '--gateway=GATEWAY' option must be passed, where
++ GATEWAY is a valid IP address of the same protocol type as the network
++ prefix is.
++ +
++ Use '--unreachable', '--prohibit', '--blackhole' can be used to create of
++ that type. See ROUTE TYPES below for more information about these options.
++ +
++ The optional '--mtu=MTU' parameter defines the MTU along the path to the
++ destination and must be an integer number. This will show you very
++ detailed information about the given device.
++
++'remove' NETWORK::
++ A route can be removed with this command.
++ +
++ NETWORK is the network prefix of an existing route.
++
++'list'::
++ Shows a list of all configured routes.
++ +
++ Output can be filtered by passing --protocol=[ipv6|ipv4].
++
++== ROUTE TYPES
++
++[horizontal]
++'unicast'::
++ A unicast route is the most common route in routing tables. It is a route to
++ a destination network address, which describes the path to the destination.
++ Use the '--gateway=GATEWAY' option to create such a route.
++
++'unreachable'::
++ When a route is determined and the routing decision process returns a
++ destination with an unreachable route type, an ICMP unreachable message is
++ generated and returned to the source address.
++
++'prohibit'::
++ This works like an _unreachable_ route, but the returned ICMP message is an
++ ICMP prohibited message.
++
++'blackhole'::
++ Packets matching this kind of route are silently discarded.
++ There will be no ICMP message sent to the source and no packet be forwarded.
++
++== SEE ALSO
++link:network[8],
++link:network-route[8],
++link:ip-route[8]
+diff --git a/man/network-route-static.xml b/man/network-route-static.xml
+deleted file mode 100644
+index d43eb62..0000000
+--- a/man/network-route-static.xml
++++ /dev/null
+@@ -1,183 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-route-static">
+- <refentryinfo>
+- <title>network-route-static</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-route-static</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-route-static</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network route static <arg choice="plain">COMMAND</arg></command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>route static</command> helps to manage static routes.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>add <replaceable>NETWORK</replaceable> [<option>--gateway=GATEWAY</option>, <option>--unreachable</option>, <option>--prohibit</option>, <option>--blackhole</option>] [<option>--mtu=MTU</option>]</command>
+- </term>
+-
+- <listitem>
+- <para>
+- A new route may be added by the <command>add</command> command.
+- It is always required to pass a valid network prefix
+- <replaceable>NETWORK</replaceable>, which can be either
+- IPv6 or IPv4.
+- </para>
+- <para>
+- For unicast routes, the <option>--gateway=GATEWAY</option>
+- option must be passed, where <varname>GATEWAY</varname>
+- is a valid IP address of the same protocol type as the
+- network prefix is.
+- </para>
+- <para>
+- Use <option>--unreachable</option>, <option>--prohibit</option>,
+- <option>--blackhole</option> can be used to create of that
+- type. See <emphasis>ROUTE TYPES</emphasis> below for more
+- information about these options.
+- </para>
+- <para>
+- The optional <option>--mtu=MTU</option> parameter defines the
+- MTU along the path to the destination and must be an integer
+- number. This will show you very detailed information about
+- the given device.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>remove <replaceable>NETWORK</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A route can be removed with the command.
+- </para>
+- <para>
+- <replaceable>NETWORK</replaceable> is the network prefix
+- of an existing route.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>list [<option>--protocol=ipv6|ipv4</option>]</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Shows a list of all configured routes.
+- </para>
+- <para>
+- Pass the protocol option to filter the output only for the
+- given protocol.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>Route Types</title>
+-
+- <refsect2>
+- <title>unicast</title>
+-
+- <para>
+- A unicast route is the most common route in routing tables.
+- It is a route to a destination network address, which describes
+- the path to the destination.
+- Use the <option>--gateway=GATEWAY</option> option to create such
+- a route.
+- </para>
+- </refsect2>
+-
+- <refsect2>
+- <title>unreachable</title>
+-
+- <para>
+- When a route is determined and the routing decision process
+- returns a destination with an unreachable route type, an ICMP
+- unreachable message is generated and returned to the source
+- address.
+- </para>
+- </refsect2>
+-
+- <refsect2>
+- <title>prohibit</title>
+-
+- <para>
+- This works like an <emphasis>unreachable</emphasis> route, but
+- the returned ICMP message is an ICMP prohibited message.
+- </para>
+- </refsect2>
+-
+- <refsect2>
+- <title>blackhole</title>
+-
+- <para>
+- Packets matching this kind of route are silently discarded.
+- There will be no ICMP message sent to the source and no packet
+- be forwarded.
+- </para>
+- </refsect2>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-route</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>ip-route</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
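Review bot: In the added man/network-route-static.txt the NAME section reads `network-route - Manage Static Routing`, which disagrees with the page title `network-route-static(8)` and repeats the name already used by network-route(8); it should read `network-route-static - Manage Static Routing`. Depending on how the build generates the pages, the name in this section may decide how the page is indexed or named, so the mismatch could shadow the other page (this cannot be confirmed from the hunk). The `--mtu=MTU` paragraph also keeps the unrelated sentence `This will show you very detailed information about the given device.` from the XML original. In the same entry, `can be used to create of that type` is missing its noun (`a route of that type`).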
new file mode 100644
@@ -0,0 +1,190 @@
+From daebec37ca3cd19e000d1a9c1a77448d8c155fcd Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 15:47:14 +0200
+Subject: [PATCH 081/304] man: Convert network-settings(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-settings.txt | 44 +++++++++++++++
+ man/network-settings.xml | 118 ---------------------------------------
+ 2 files changed, 44 insertions(+), 118 deletions(-)
+ create mode 100644 man/network-settings.txt
+ delete mode 100644 man/network-settings.xml
+
+diff --git a/man/network-settings.txt b/man/network-settings.txt
+new file mode 100644
+index 0000000..e77f038
+--- /dev/null
++++ b/man/network-settings.txt
+@@ -0,0 +1,44 @@
++= network-settings(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-settings - Change global network settings
++
++== SYNOPSIS
++'network settings'
++'network settings' KEY=VALUE
++
++== DESCRIPTION
++The 'network settings' command may be used to set global settings.
++
++Please have a look at the individual man pages for more options.
++
++== COMMANDS
++If no additional argument is given, running the command will dump a list of
++all settings variables and their current values.
++
++You may set a new value by adding the variable name and the new
++value to the command line.
++
++== VARIABLES
++
++'DEBUG=[true|_false_]'::
++ The DEBUG will control whether debug logging is enabled or not.
++ Additionally to writing debug log messages to the log files, the messages
++ will be displayed on the console as well.
++
++'WIRELESS_REGULATORY_DOMAIN=_00_'::
++ The wireless regulatory domain is set globally for the entire system with
++ the WIRELESS_REGULATORY_DOMAIN setting.
++ +
++ The default is '00' which is the _world_ setting.
++ +
++ Valid values are country codes for countries which have their own
++ regulatory domain.
++
++== AUTHORS
++Michael Tremer
++
++== SEE ALSO
++link:network[8],
++link:network-dns-server[8]
+diff --git a/man/network-settings.xml b/man/network-settings.xml
+deleted file mode 100644
+index 7d1c70d..0000000
+--- a/man/network-settings.xml
++++ /dev/null
+@@ -1,118 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-settings">
+- <refentryinfo>
+- <title>network-settings</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-settings</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-settings</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network settings</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network settings <replaceable>KEY=VALUE</replaceable></command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>network settings</command> command may be used to set
+- global settingsuration options.
+- </para>
+- <para>
+- Please have a look at the individual man pages for more options.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- If no additional argument is given, running the command will
+- dump a list of all settingsuration variables and their current values.
+- </para>
+-
+- <para>
+- You may set a new value by adding the variable name and the new
+- value to the command line.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Variables</title>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <varname>DEBUG</varname>=[<emphasis>0</emphasis>|1]
+- </term>
+-
+- <listitem>
+- <para>
+- The <varname>DEBUG</varname> will control whether debug
+- logging is enabled or not. Additionally to writing debug
+- log messages to the log files, the messages will be displayed
+- on the console as well.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <varname>WIRELESS_REGULATORY_DOMAIN</varname>=<emphasis>00</emphasis>
+- </term>
+-
+- <listitem>
+- <para>
+- The wireless regulatory domain is set globally for the
+- entire system with the <varname>WIRELESS_REGULATORY_DOMAIN</varname>
+- setting. The default is <emphasis>00</emphasis> which
+- is the <emphasis>world</emphasis> setting.
+- Valid values are country codes for countries which have their
+- own regulatory domain.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-dns-server</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,135 @@
+From 9848b81e6e8c2732920d9a7a115110723e2b07bb Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 15:59:21 +0200
+Subject: [PATCH 082/304] man: Convert network-vpn(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-vpn.txt | 26 +++++++++++++++
+ man/network-vpn.xml | 81 ---------------------------------------------
+ 2 files changed, 26 insertions(+), 81 deletions(-)
+ create mode 100644 man/network-vpn.txt
+ delete mode 100644 man/network-vpn.xml
+
+diff --git a/man/network-vpn.txt b/man/network-vpn.txt
+new file mode 100644
+index 0000000..5a905db
+--- /dev/null
++++ b/man/network-vpn.txt
+@@ -0,0 +1,26 @@
++= network-vpn(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-vpn - Configure Virtual Private Networks
++
++== SYNOPSIS
++'network vpn' COMMAND ...
++
++== DESCRIPTION
++The 'vpn' command allows to create, delete, edit and show the status of VPN
++connections and the configuration around it.
++
++== COMMANDS
++The following commands are understood:
++
++'security-policies' ...::
++ Use this command to manage security policies.
++ +
++ See link:network-vpn-security-policies[8] for details.
++
++== AUTHORS
++Michael Tremer
++
++== SEE ALSO
++link:network[8]
+diff --git a/man/network-vpn.xml b/man/network-vpn.xml
+deleted file mode 100644
+index d71d14a..0000000
+--- a/man/network-vpn.xml
++++ /dev/null
+@@ -1,81 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-vpn">
+- <refentryinfo>
+- <title>network-vpn</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-vpn</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-vpn</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network <arg choice="plain">vpn</arg> <arg choice="plain">command</arg> ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The <command>vpn</command> command allows to create, delete, edit
+- and show the status of VPN connections and the configuration around it.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>security-policies ...</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Use this command to manage security policies.
+- See <citerefentry>
+- <refentrytitle>network-vpn-security-policies</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry> for details.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,453 @@
+From 0a31681e96ee9ed656bf5ce531d4057079a897be Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 16:30:26 +0200
+Subject: [PATCH 083/304] man: Convert network-vpn-security-policies(8) to
+ asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-vpn-security-policies.txt | 111 +++++++++
+ man/network-vpn-security-policies.xml | 313 --------------------------
+ 2 files changed, 111 insertions(+), 313 deletions(-)
+ create mode 100644 man/network-vpn-security-policies.txt
+ delete mode 100644 man/network-vpn-security-policies.xml
+
+diff --git a/man/network-vpn-security-policies.txt b/man/network-vpn-security-policies.txt
+new file mode 100644
+index 0000000..f9dc91a
+--- /dev/null
++++ b/man/network-vpn-security-policies.txt
+@@ -0,0 +1,111 @@
++= network-vpn-security-policies(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-vpn-security-policies - Configure VPN Security Policies
++
++== SYNOPSIS
++[verse]
++'network vpn security-policies [new|destroy]' NAME...
++'network vpn security-policies' NAME COMMAND ...
++
++== DESCRIPTION
++With help of the 'vpn security-policies', it is possible to create, destroy
++and edit VPN security policies.
++
++A security policy is a definition of ciphers and algorithms for integrity
++and key-exchanges for VPN connections.
++
++== COMMANDS
++The following commands are understood:
++
++'new NAME'::
++ A new security policy may be created with the 'new' command.
++ +
++ NAME does not allow any spaces.
++
++'destroy NAME'::
++ A security policy can be destroyed with this command.
++ +
++ If the policy is still in use, it cannot be deleted.
++
++For all other commands, the name of the security policy needs to be passed first:
++
++'NAME show'::
++ Shows the configuration of the security policy.
++
++'NAME key-exchange' [IKEv2|IKEv1]::
++ Defines the key exchange algorithm that should be used to initiate an
++ IPsec VPN connection.
++
++'NAME ciphers' [CIPHER-LIST|+CIPHER ...|-CIPHER ...]::
++ This command allows modifying the cipher list.
++ A new CIPHER-LIST can be passed which will replace the current configuration.
++ Alternatively, new ciphers can be added by prepending a + sign to the cipher
++ name and can removed likewise using -.
++ +
++ A cipher is an algorithm that encrypts and decrypts data to be able to
++ transmit it over an insecure channel.
++
++'NAME integrities' [INTEGRITY-LIST|+INTEGRITY ...|-INTEGRITY ...]::
++ This command allows modifying the integrity list similar to the
++ 'ciphers' command.
++ +
++ Integrity algorithms are used to be able to determine if data has been
++ altered when being transferred over an untrusted channel.
++
++'NAME pseudo-random-functions' [PSEUDO-RANDOM-FUNCTION-LIST|+PSEUDO-RANDOM-FUNCTION...|-PSEUDO-RANDOM-FUNCTION]::
++ This command allows modifying the list of pseudo random functions
++ similar to the 'ciphers' command.
++ +
++ These functions are used in combination with an AEAD cipher only.
++
++'NAME group-types' [GROUP-TYPES-LIST|+GROUP-TYPE ...|-GROUP-TYPE]::
++ This command allows modifying the list of group types similar to the
++ 'ciphers' command.
++ +
++ These algorithms are used to negotiate a shared secret of an insecure channel.
++
++'NAME pfs' [on|off]::
++ This command allows to enable or disable Perfect Forward Secrecy (PFS).
++ If PFS is enabled, the encrypted channels of a VPN connection will be
++ renegotiated regularly to avoid that the same keys are used for too long.
++ If an attacker is able to obtain a key that was used to encrypt the
++ data, it is only possible to decrypt a certain amount of data.
++ +
++ It is strongly recommended to enable PFS at all times.
++
++'NAME lifetime' LIFETIME::
++ This command allows to define how often the VPN connection is
++ renegotiated if PFS is enabled.
++
++'NAME compression' [on|off]::
++ This command allows to enable or disable compression.
++ If compression is enabled, all data is being compressed before being
++ sent through the VPN.
++ This setting is ignored if the peer does not support this.
++
++== System Policies
++
++The system comes with builtin policies that cannot be modified by the user.
++They are intended to provide good defaults for various situations.
++
++[horizontal]
++'system'::
++ This policy is the default for every VPN connection and allows using
++ all ciphers, integrity and key-exchange algorithms that are recommended
++ to use and have not been proven or assumed to be broken, yet.
++ +
++ Over time, this policy will change whenever an algorithm has been broken
++ and is not recommended to be used any more.
++
++'performance'::
++ This policy is recommended to be used on systems that are not very powerful.
++ Algorithms with smaller key lengths, but still considered to be secure
++ are being used.
++
++System policies cannot be deleted.
++
++== SEE ALSO
++link:network[8],
++link:network-vpn[8]
+diff --git a/man/network-vpn-security-policies.xml b/man/network-vpn-security-policies.xml
+deleted file mode 100644
+index 40e6213..0000000
+--- a/man/network-vpn-security-policies.xml
++++ /dev/null
+@@ -1,313 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone">
+- <refentryinfo>
+- <title>network-vpn-security-policies</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-vpn-security-policies</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-vpn-security-policies</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network vpn security-policies <arg choice="plain">[new|destroy]</arg> <replaceable>NAME</replaceable> ...</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network vpn security-policies <replaceable>NAME</replaceable> <arg choice="plain">command</arg> ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- With help of the <command>vpn security-policies</command>, it is possible
+- to create, destroy and edit VPN security policies.
+- </para>
+- <para>
+- A security policy is a definition of ciphers and algorithms for integrity
+- and key-exchanges for VPN connections.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>new <replaceable>NAME</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A new security policy may be created with the
+- <command>new</command> command.
+- </para>
+-
+- <para>
+- <replaceable>NAME</replaceable> does not allow any spaces.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>destroy <replaceable>NAME</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A security policy can be destroyed with this command.
+- </para>
+- <para>
+- If the policy is still in use, it cannot be deleted.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+-
+- <para>
+- For all other commands, the name of the security policy needs to be passed first:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> show</command>
+- </term>
+-
+- <listitem>
+- <para>
+- Shows the configuration of the security policy.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> key-exchange <replaceable>[IKEv2|IKEv1]</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- Defines the key exchange algorithm that should be used to
+- initiate an IPsec VPN connection.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> ciphers <replaceable>[CIPHER-LIST|+CIPHER ...|-CIPHER ...]</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows modifying the cipher list.
+- </para>
+-
+- <para>
+- A new <replaceable>CIPHER-LIST</replaceable> can be passed
+- which will replace the current configuration.
+- Alternatively, new ciphers can be added by prepending a
+- + sign to the cipher name and can removed likewise
+- using -.
+- </para>
+-
+- <para>
+- A cipher is an algorithm that encrypts and decrypts data
+- to be able to transmit it over an insecure channel.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> integrities <replaceable>[INTEGRITY-LIST|+INTEGRITY ...|-INTEGRITY ...]</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows modifying the integrity list
+- similar to the <command>ciphers</command> command.
+- </para>
+-
+- <para>
+- Integrity algorithms are used to be able to determine
+- if data has been altered when being transfered over
+- an untrusted channel.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> pseudo-random-functions <replaceable>[PSEUDO-RANDOM-FUNCTION-LIST|+PSEUDO-RANDOM-FUNCTION...|-PSEUDO-RANDOM-FUNCTION]</replaceable>
+- </command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows modifying the list of pseudo random functions
+- similar to the <command>ciphers</command> command.
+- </para>
+-
+- <para>
+- These functions are used in combination with an AEAD cipher only.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> group-types <replaceable>[GROUP-TYPES-LIST|+GROUP-TYPE ...|-GROUP-TYPE]</replaceable>
+- </command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows modifying the list of group types
+- similar to the <command>ciphers</command> command.
+- </para>
+-
+- <para>
+- These algorithms are used to negotiate a shared secret
+- of an insecure channel.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> pfs <replaceable>[on|off]</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows to enable or disable Perfect Forward Secrecy (PFS).
+- </para>
+-
+- <para>
+- If PFS is enabled, the encrypted channels of a VPN connection will be
+- renegotiated regularly to avoid that the same keys are used for too long.
+- If an attacker is able to obtain a key that was used to encrypt the
+- data, it is only possible to decrypt a certain amount of data.
+- </para>
+-
+- <para>
+- It is strongly recommended to enable PFS at all times.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> lifetime <replaceable>LIFETIME</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows to define how often the VPN connection is
+- renegotiated if PFS is enabled.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>NAME</replaceable> compression <replaceable>[on|off]</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows to enable or disable compression.
+- </para>
+-
+- <para>
+- If compression is enabled, all data is being compressed before being
+- sent through the VPN.
+- This setting is ignored if the peer does not support this.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>System Policies</title>
+-
+- <para>
+- The system comes with builtin policies that cannot be modified by the user.
+- They are intended to provide good defaults for various situations.
+- </para>
+-
+- <refsect2>
+- <title>system</title>
+-
+- <para>
+- This policy is the default for every VPN connection and allows using
+- all ciphers, integrity and key-exchange algorithms that are recommended
+- to use and have not been proven or assumed to be broken, yet.
+- </para>
+-
+- <para>
+- Over time, this policy will change whenever an algorithm has been broken
+- and is not recommended to be used any more.
+- </para>
+- </refsect2>
+-
+- <refsect2>
+- <title>performance</title>
+-
+- <para>
+- This policy is recommended to be used on systems that are not very powerful.
+- Algorithms with smaller key lengths, but still considered to be secure
+- are being used.
+- </para>
+- </refsect2>
+-
+- <para>
+- System policies cannot be deleted.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-vpn</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
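Review bot: The `'NAME pfs' [on|off]` entry in the added man/network-vpn-security-policies.txt describes Perfect Forward Secrecy as regular renegotiation, which is rekeying rather than PFS; the property an administrator relies on is that each rekey runs a fresh key exchange, so a disclosed key does not expose traffic protected by other keys. If that is what the tool configures, the entry could say `If PFS is enabled, every rekeying performs a new key exchange, so a compromised key only exposes the data encrypted with that key.`, and `'NAME lifetime'` should then state whether the lifetime still applies when PFS is off. The `'NAME compression'` entry gives no hint that compressing before encryption makes ciphertext length depend on content; a one-line `NOTE:` recommending it stay off unless required would help. The `'performance'` policy says it uses smaller key lengths without naming the algorithms, so a reader cannot judge what is being traded away.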
new file mode 100644
@@ -0,0 +1,375 @@
+From 357723e90cb0f700c4315b6016543db4230df5fb Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 16:46:07 +0200
+Subject: [PATCH 084/304] man: Convert network-zone(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/include-color.txt | 2 +-
+ man/include-description.txt | 2 +-
+ man/network-zone.txt | 73 +++++++++++
+ man/network-zone.xml | 247 ------------------------------------
+ 4 files changed, 75 insertions(+), 249 deletions(-)
+ create mode 100644 man/network-zone.txt
+ delete mode 100644 man/network-zone.xml
+
+diff --git a/man/include-color.txt b/man/include-color.txt
+index 073c01b..4b417a5 100644
+--- a/man/include-color.txt
++++ b/man/include-color.txt
+@@ -1,7 +1,7 @@
+ 'color set <color>'::
+ The color is set with this command and required to be passed in
+ RGB hex formatting
+-
++ +
+ NOTE: The color is being used to make identification of network devices
+ easier on the command line and web user interface.
+
+diff --git a/man/include-description.txt b/man/include-description.txt
+index a39ba55..49bac64 100644
+--- a/man/include-description.txt
++++ b/man/include-description.txt
+@@ -1,6 +1,6 @@
+ 'description edit'::
+ This command opens an editor and allows you to edit title and description.
+-
++ +
+ NOTE: The formation of the description is similar to a git commit.
+ Every description has a title, the first line of the description.
+ The title is shown on the status page and in the web user interface.
+diff --git a/man/network-zone.txt b/man/network-zone.txt
+new file mode 100644
+index 0000000..88a1988
+--- /dev/null
++++ b/man/network-zone.txt
+@@ -0,0 +1,73 @@
++= network-zone(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-zone - Manage network zones
++
++== SYNOPSIS
++[verse]
++'network zone [new|destroy]' ZONE
++'network zone' ZONE ...
++
++== DESCRIPTION
++With help of the 'zone' command, it is very easy to configure network zones.
++
++It is possible to create zones and remove them. Zones may also be brought up
++and down and reconfigured. Their status may be viewed as well.
++
++== COMMANDS
++The following commands are understood:
++
++'new ZONE HOOK OPTIONS'::
++ A new zone may be created by the 'create' command.
++ There are at least two arguments required.
++ +
++ ZONE must be valid name for a zone which does not already exist.
++ HOOK is a valid zone hook which may require additional options.
++
++'destroy ZONE'::
++ A zone can be destroyed with this command.
++ +
++ There are two possible ways to remove a zone. The case is when the zone is
++ not up. Then, it will be removed immediately. When the zone is current up
++ and used, it will tagged to be remove later, after it has been brought down.
++
++For all other commands, the name of the zone needs to be passed first:
++
++'edit OPTIONS'::
++ The settings of a zone may be edited after it has been created.
++ The options that can be passed depend on the hook that is used for the zone.
++ Run 'network zone ZONE edit --help' to learn more about that.
++ +
++ It usually is required to restart/reload the zone until the new settings
++ are taken into account.
++
++'[up|down]'::
++ These commands will bring the zone up/down. This is done without control
++ of systemd, therefore not intended to be done in a productive environment.
++ However, these commands may be used for debugging.
++
++'[enable|disable]'::
++ These commands will enable or disable the zone. An enabled zone will
++ automatically be started either during the boot process or a hotplug event
++ of an associated port or other device.
++
++'status'::
++ This will show some detailed information about the state if the specified zone.
++
++include::include-color.txt[]
++
++include::include-description.txt[]
++
++'identify'::
++ This command will make all ports of the zone flash for a few seconds so
++ that you can identify the correct network adapters in the system.
++
++'rename' NAME::
++ Renames the zone to NAME.
++ +
++ The command will shut down the zone if it is up and start it again with
++ the new name. If the zone is not up it won't be started.
++
++== SEE ALSO
++link:network[8]
+diff --git a/man/network-zone.xml b/man/network-zone.xml
+deleted file mode 100644
+index 99fa8b8..0000000
+--- a/man/network-zone.xml
++++ /dev/null
+@@ -1,247 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone">
+- <refentryinfo>
+- <title>network-zone</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone <arg choice="plain">[new|destroy]</arg> <replaceable>ZONE</replaceable> ...</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network zone <replaceable>ZONE</replaceable> <arg choice="plain">command</arg> ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- With help of the <command>zone</command> command, it is very easy to
+- configure network zones.
+- </para>
+- <para>
+- It is possible to create zones and remove them. Zones may also
+- be brought up and down and reconfigured. Their status may be viewed
+- as well.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Commands</title>
+-
+- <para>
+- The following commands are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command>new <replaceable>ZONE</replaceable> <replaceable>HOOK</replaceable> <arg choice="opt" rep="repeat">OPTIONS</arg></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A new zone may be created by the <command>create</command>
+- command. There are at least two arguments required.
+- </para>
+- <para>
+- <replaceable>ZONE</replaceable> must be valid name for a
+- zone which does not already exist.
+- <replaceable>HOOK</replaceable> is a valid zone hook which
+- may require additional options.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command>destroy <replaceable>ZONE</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- A zone can be destroyed with this command.
+- </para>
+- <para>
+- There are two possible ways to remove a zone. The case
+- is when the zone is not up. Then, it will be removed
+- immediately. When the zone is current up and used, it
+- will tagged to be remove later, after it has been brought
+- down.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+-
+- <para>
+- For all other commands, the name of the zone needs to be passed first:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> edit <arg choice="opt" rep="repeat">OPTIONS</arg></command>
+- </term>
+-
+- <listitem>
+- <para>
+- The settings of a zone may be edited after it has been created.
+- The options that can be passed depend on the hook that is used
+- for the zone.
+- Run <command>network zone <replaceable>ZONE</replaceable> edit --help</command>
+- to learn more about that.
+- </para>
+- <para>
+- It usually is required to restart/reload the zone until
+- the new settings are taken into account.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> [up|down]</command>
+- </term>
+-
+- <listitem>
+- <para>
+- These commands will bring the zone up/down. This is done
+- without control of systemd, therefore not intended to be
+- done in a productive environment.
+- However, these commands may be used for debugging.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> [enable|disable]</command>
+- </term>
+-
+- <listitem>
+- <para>
+- These commands will enable or disable the zone. An enabled
+- zone will automatically be started either during the boot process
+- or a hotplug event of an associated port or other device.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> status</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This will show some detailed information about the state
+- if the specified zone.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> color</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command allows settings a color for a zone.
+- See
+- <citerefentry>
+- <refentrytitle>network-color</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- for more information.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable>description</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command make is possible to add a description to a zone.
+- See
+- <citerefentry>
+- <refentrytitle>network-description</refentrytitle>
+- <manvolnum>8</manvolnum>,
+- </citerefentry>
+- for more information.
+- </para>
+- </listitem>
+- </varlistentry>
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> identify</command>
+- </term>
+-
+- <listitem>
+- <para>
+- This command will make all ports of the zone flash for
+- a few seconds so that you can identify the correct network
+- adapters in the system.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <command><replaceable>ZONE</replaceable> rename <replaceable>NAME</replaceable></command>
+- </term>
+-
+- <listitem>
+- <para>
+- Renames the zone to <replaceable>NAME</replaceable>.
+- </para>
+- <para>
+- The command will shut down the zone if it is up and
+- start it again with the new name. If the zone is not
+- up it won't be started.
+- </para>
+- <para>
+- Zones that are marked to be destroyed cannot be renamed.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
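Review bot: The `'rename' NAME::` entry in the new `man/network-zone.txt` no longer carries the sentence `Zones that are marked to be destroyed cannot be renamed.` from the removed XML, so a commit described as a format conversion silently drops a documented restriction. If the behaviour is unchanged, add the sentence back as one more ` +` continuation paragraph under that entry. The `'new ZONE HOOK OPTIONS'::` entry also still says the zone is created by the 'create' command, which does not match the synopsis; `A new zone may be created by the 'new' command.` would be consistent, assuming `new` is the actual subcommand.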
new file mode 100644
@@ -0,0 +1,255 @@
+From 010f24cfc6e363815ae6a408a16e8b07c069c1a7 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 16:59:10 +0200
+Subject: [PATCH 085/304] man: Convert network-zone-bridge(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-zone-bridge.txt | 55 ++++++++++++
+ man/network-zone-bridge.xml | 172 ------------------------------------
+ 2 files changed, 55 insertions(+), 172 deletions(-)
+ create mode 100644 man/network-zone-bridge.txt
+ delete mode 100644 man/network-zone-bridge.xml
+
+diff --git a/man/network-zone-bridge.txt b/man/network-zone-bridge.txt
+new file mode 100644
+index 0000000..2e4f839
+--- /dev/null
++++ b/man/network-zone-bridge.txt
+@@ -0,0 +1,55 @@
++= network-zone-bridge(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-zone-bridge - Manage network zones
++
++== SYNOPSIS
++[verse]
++'network zone new ZONE bridge' ...
++'network zone ZONE edit' ...
++
++== DESCRIPTION
++The bridge hook creates an ethernet bridge which acts as an unmanaged network
++switch. It contains one or multiple physical network interfaces or virtual
++devices which will be connected to each other.
++
++The bridge hook is the preferred hook for local area network zones which are
++connected to an ethernet network.
++
++== OPTIONS
++The following options are understood:
++
++'--address=ADDRESS'::
++ By this option, you may define the MAC address of the bridge. If this option
++ is missing, a random MAC address will be generated.
++
++'--mtu=MTU'::
++ Sets the default MTU of the bridge.
++ All ports in the bridge must support this MTU value.
++
++'--stp=[_on_|off]'::
++ This option enables or disables use of the _Spanning Tree Protocol_ (STP).
++ This protocol is used to avoid loops in networks by dynamically disabling
++ packet forwarding on links.
++ +
++ It is highly recommended to leave this option enabled when you add more
++ than one device to the zone. Read below how the behaviour of STP can be changed.
++
++Spanning Tree Protocol (802.1D) configuration options:
++
++'--stp-forward-delay=_0_'::
++ This sets the default time the interfaces are hold off after they have been
++ added to a bridge. The default value is 0.
++
++'--stp-hello=_2_'::
++ This option defines how often a hello message should be sent. The value is
++ given in seconds and the default is 2.
++
++'--stp-priority=512'::
++ The STP priority sets the ranking of this network device within the network.
++ The bridge with the best rank (0 is best) will become the root bridge.
++
++== SEE ALSO
++link:network[8],
++link:network-zone[8]
+diff --git a/man/network-zone-bridge.xml b/man/network-zone-bridge.xml
+deleted file mode 100644
+index a77118b..0000000
+--- a/man/network-zone-bridge.xml
++++ /dev/null
+@@ -1,172 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone-bridge">
+- <refentryinfo>
+- <title>network-zone-bridge</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone-bridge</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone-bridge</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone new <replaceable>ZONE</replaceable> bridge ...</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network zone <replaceable>ZONE</replaceable> edit ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The bridge hook creates an ethernet bridge which acts as an unmanaged network
+- switch. It contains one or multiple phyisical network interfaces or virtual
+- devices which will be connected to each other.
+- </para>
+- <para>
+- The bridge hook is the prefered hook for local area network zones which are
+- connected to an ethernet network.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>--stp=[<emphasis>on</emphasis>|off]</option>
+- </term>
+-
+- <listitem>
+- <para>
+- This option enables or disable the use of the
+- <emphasis>Spanning Tree Protocol</emphasis> (STP).
+- This protocol is used to avoid loops in networks by
+- dynamically disabling packet forwarding on links.
+- </para>
+- <para>
+- It is highly recommended to leave this option enabled
+- when you add more than one device to the zone.
+- Read below how the behaviour of STP can be changed.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--mtu=<replaceable>MTU</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the default MTU of the bridge.
+- All ports in the bridge must support this MTU value.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--address=<replaceable>ADDRESS</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- By this option, you may define the MAC address of the
+- bridge. If this option is missing, a random MAC address
+- will be generated.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+-
+- <para>
+- Spanning Tree Protocol (802.1D) configuration options:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>--stp-forward-delay=<replaceable>0</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- This sets the default time the interfaces are hold off
+- after they have been added to a bridge.
+- The default value is 0.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--stp-hello=<replaceable>2</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- This option defines how often a hello message should be
+- sent. The value is given in seconds and the default is 2.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--stp-priority=<replaceable>512</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The STP priority sets the ranking of this network device
+- within the network. The bridge with the best rank
+- (0 is best) will become the root bridge.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,222 @@
+From 718371b565fdb93719f68b5a2dcf719dd57a4e93 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 17:15:50 +0200
+Subject: [PATCH 086/304] man: Convert network-zone-config-pppoe-server(8) to
+ asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-zone-config-pppoe-server.txt | 50 ++++++++
+ man/network-zone-config-pppoe-server.xml | 143 -----------------------
+ 2 files changed, 50 insertions(+), 143 deletions(-)
+ create mode 100644 man/network-zone-config-pppoe-server.txt
+ delete mode 100644 man/network-zone-config-pppoe-server.xml
+
+diff --git a/man/network-zone-config-pppoe-server.txt b/man/network-zone-config-pppoe-server.txt
+new file mode 100644
+index 0000000..72dff8e
+--- /dev/null
++++ b/man/network-zone-config-pppoe-server.txt
+@@ -0,0 +1,50 @@
++= network-zone-config-pppoe-server(8)
++
++== NAME
++network-zone-config-pppoe-server - PPPoE Server Settings
++
++== SYNOPSIS
++[verse]
++`network zone ZONE config create pppoe-server ...`
++`network zone ZONE config pppoe-server edit ...`
++
++== DESCRIPTION
++This configuration hook enables a **PPPoE Server** on a zone.
++
++== OPTIONS
++The following options are understood:
++
++`--subnet=SUBNET`::
++ The `--subnet` option defines an IPv4 pool of which IP addresses are
++ assigned to the remote hosts. The first address of the subnet will be used
++ for the gateway which is the PPPoE server itself.
++ +
++ The subnet must at least have two IP addresses.
++
++`--mtu=MTU`::
++ Set the required MTU (Maximum Transmission Unit) for the PPP connection.
++ The default value is 1492 bytes which is a common MTU for DSL connections.
++
++`--service-name=SERVICE NAME`::
++ This option receives a string which will be used as the service name. The
++ service name is sent out to the clients and used for identification but
++ not authorisation purposes.
++ +
++ The default is an empty value.
++
++`--max-sessions=0`::
++ Limit the number of sessions that may be established by the same MAC address.
++ This must be a positive number.
++ 0 permits an unlimited number of sessions per MAC address.
++
++== EXAMPLES
++
++This command creates a PPPoE server that will assign an IP address from the
++192.168.0.0/16 subnet:
++
++ network zone net0 config create pppoe-server --subnet=192.168.0.0/16
++
++== SEE ALSO
++link:network[8],
++link:network-zone[8],
++link:network-zone-config[8]
+diff --git a/man/network-zone-config-pppoe-server.xml b/man/network-zone-config-pppoe-server.xml
+deleted file mode 100644
+index e6d497e..0000000
+--- a/man/network-zone-config-pppoe-server.xml
++++ /dev/null
+@@ -1,143 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone-config-pppoe-server">
+- <refentryinfo>
+- <title>network-zone-config-pppoe-server</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone-config-pppoe-server</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone-config-pppoe-server</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone <replaceable>ZONE</replaceable> config create pppoe-server ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- This configuration hook enables a <emphasis>PPPoE server</emphasis>
+- functionality to a zone which is of an ethernet-like type.
+- </para>
+- <para>
+- The PPPoE server is mostly for development purpose and performs pretty
+- well. However, it is not recommended to use it in production environments.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>--subnet=<replaceable>SUBNET</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The <option>--subnet</option> option defines an IPv4 pool
+- of which IP addresses are assigned to the remote hosts.
+- The first address of the subnet will be used for the
+- gateway which is the PPPoE server itself.
+- </para>
+- <para>
+- The subnet must at least have two IP addresses.
+- Broadcast and network addresses will be used as well.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--mtu=<replaceable>MTU</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Set the required MTU (Maximum Transmission Unit) for
+- the PPP connection.
+- </para>
+- <para>
+- The default value is 1492 bytes which is a common MTU for
+- DSL connections.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--service-name=<replaceable>STRING</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- This options receives a string which will be used as the
+- service name. The service name is sent out to the clients
+- and used for identification but not authorization purposes.
+- </para>
+- <para>
+- The default is an empty value.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--max-sessions=<emphasis>0</emphasis></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Limit the max. number of sessions that may be established
+- by the same MAC address.
+- </para>
+- <para>
+- This must be a positive number. 0 permits an unlimited
+- number of sessions per MAC address.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone-config</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
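Review bot: The DESCRIPTION section of the new `man/network-zone-config-pppoe-server.txt` drops the removed XML's caveat that the PPPoE server is mostly for development and is not recommended for production environments, although the subject line announces only a conversion to asciidoc. If that guidance still applies, keep it as an admonition after the first DESCRIPTION sentence, for example `NOTE: The PPPoE server is mostly intended for development purposes and is not recommended for production environments.` The sentence `Broadcast and network addresses will be used as well.` under `--subnet` is gone too. If both removals are deliberate, they belong in a separate commit that says so, because operators rely on this page to judge where the hook can be deployed.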
new file mode 100644
@@ -0,0 +1,184 @@
+From 6e94de3efa35088eb322ced2653efeec5f5c29fd Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 17:23:07 +0200
+Subject: [PATCH 087/304] man: Convert network-zone-ip-tunnel(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-zone-ip-tunnel.txt | 35 ++++++++++
+ man/network-zone-ip-tunnel.xml | 121 ---------------------------------
+ 2 files changed, 35 insertions(+), 121 deletions(-)
+ create mode 100644 man/network-zone-ip-tunnel.txt
+ delete mode 100644 man/network-zone-ip-tunnel.xml
+
+diff --git a/man/network-zone-ip-tunnel.txt b/man/network-zone-ip-tunnel.txt
+new file mode 100644
+index 0000000..cb30731
+--- /dev/null
++++ b/man/network-zone-ip-tunnel.txt
+@@ -0,0 +1,35 @@
++= network-zone-ip-tunnel(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-zone-ip-tunnel - Manage IP Tunnels
++
++== SYNOPSIS
++[verse]
++`network zone new ZONE ip-tunnel ...`
++`network zone ZONE edit ...`
++
++== DESCRIPTION
++The ip-tunnel hook is used to create IP tunnels that use protocols like GRE to
++encapsulate IP packets.
++
++== OPTIONS
++The following options are understood:
++
++`--mode=MODE`::
++ Sets the protocol that is being used to encapsulate IP packets.
++ Currently only **GRE** is supported.
++
++`--peer=PEER`::
++ The address of the peer that terminates the remote end of this tunnel.
++ +
++ If left empty, connections from any IP address will be accepted.
++
++`--local-address=LOCAL-ADDRESS`::
++ The local IP address the tunnel originates from.
++ +
++ This is optional and if unset a useful default will be used.
++
++== SEE ALSO
++link:network[8],
++link:network-zone[8]
+diff --git a/man/network-zone-ip-tunnel.xml b/man/network-zone-ip-tunnel.xml
+deleted file mode 100644
+index a1cc257..0000000
+--- a/man/network-zone-ip-tunnel.xml
++++ /dev/null
+@@ -1,121 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone-ip-tunnel">
+- <refentryinfo>
+- <title>network-zone-ip-tunnel</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone-ip-tunnel</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone-ip-tunnel</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone new <replaceable>ZONE</replaceable> ip-tunnel ...</command>
+- </cmdsynopsis>
+-
+- <cmdsynopsis>
+- <command>network zone <replaceable>ZONE</replaceable> edit ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The ip-tunnel hook is used to create IP tunnels that use protocols
+- like GRE to encapsulate IP packets.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>--mode=<replaceable>MODE</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the protocol that is being used to encapsulate
+- IP packets.
+- Currently only <replaceable>gre</replaceable> is supported.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--peer=<replaceable>PEER</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The address of the peer that terminates the remote
+- end of this tunnel.
+- </para>
+-
+- <para>
+- If left empty, connections from any IP address will
+- be accepted.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--local-address=<replaceable>LOCAL-ADDRESS</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The local IP address the tunnel originates from.
+- </para>
+-
+- <para>
+- This is optional and if unset a useful default will be used.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
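Review bot: The `--peer=PEER` entry in the new `man/network-zone-ip-tunnel.txt` says an empty value accepts connections from any IP address, but it gives the operator no hint about what that implies. GRE by itself neither authenticates nor encrypts the encapsulated traffic, so a short admonition after that sentence would help, for example `NOTE: GRE provides no authentication or encryption. Set PEER, or filter the tunnel endpoint, unless accepting traffic from any address is intended.` Separately, the `--mode=MODE` entry now prints the supported value as `**GRE**` where the removed XML had `gre`. If the option value is matched case-sensitively, the page should show the literal that the command accepts.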
new file mode 100644
@@ -0,0 +1,329 @@
+From 23eec7d08e289749759927bcf4c2387cbfcbdce2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 17:34:10 +0200
+Subject: [PATCH 088/304] man: Convert network-zone-modem(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-zone-modem.txt | 66 +++++++++++
+ man/network-zone-modem.xml | 235 -------------------------------------
+ 2 files changed, 66 insertions(+), 235 deletions(-)
+ create mode 100644 man/network-zone-modem.txt
+ delete mode 100644 man/network-zone-modem.xml
+
+diff --git a/man/network-zone-modem.txt b/man/network-zone-modem.txt
+new file mode 100644
+index 0000000..6b09622
+--- /dev/null
++++ b/man/network-zone-modem.txt
+@@ -0,0 +1,66 @@
++= network-zone-modem(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-zone-modem - Configure serial modems
++
++== SYNOPSIS
++[verse]
++`network zone new ZONE modem ...`
++
++== DESCRIPTION
++The modem hook uses a serial interface to establish a PPP session to an Internet
++Service Provider. This method is used by 56k modems and mobile networks like
++LTE, GSM and 3G.
++
++== OPTIONS
++The following options are understood:
++
++`--device=DEVICE`::
++ Sets the serial device that is used to connect. Example: /dev/ttyUSB0
++
++`--monitor-device=DEVICE`::
++ The optional monitor device is used to collect status information like
++ signal strength and link quality while the connection is established.
++
++`--imsi=IMSI`::
++ Set the IMSI of the SIM card inside the wireless modem to identify it when
++ it is plugged in at runtime.
++
++`--pin=PIN`::
++ The PIN number of the SIM card.
++ This will be used to unlock the SIM card when it is locked.
++
++`--apn=APN`::
++ Sets the Access Point Name (APN) that the modem connects to.
++
++`--phone-number=PHONE-NUMBER`::
++ Sets the phone number that is dialled by the modem when the connection is
++ to be established.
++
++`--username=USERNAME`::
++ Sets the username for authentication.
++
++`--password=PASSWORD`::
++ Sets the password for authentication.
++ +
++ Use the `--auth=` option to transmit it in a secure manner to the provider.
++
++`--baudrate=921600`::
++ The baudrate for the serial link to the modem.
++
++`--mtu=N`::
++ Sets the default MTU of the PPP connection.
++
++`--auth=[chap|pap]`::
++ Define the authentication method that is used to authenticate against your
++ provider. The default is to use the provider's preference.
++
++ * _Challange-Handshake Authentication Protocol_ (`chap`) is the preferred,
++ secure method.
++ * _Password Authentication Protocol_ (`pap`) sends the plaintext password
++ to the authentication server which is the reason why it should be avoided.
++
++== SEE ALSO
++link:network[8],
++link:network-zone[8]
+diff --git a/man/network-zone-modem.xml b/man/network-zone-modem.xml
+deleted file mode 100644
+index 97a1d35..0000000
+--- a/man/network-zone-modem.xml
++++ /dev/null
+@@ -1,235 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone-modem">
+- <refentryinfo>
+- <title>network-zone-modem</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone-modem</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone-modem</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone new <replaceable>ZONE</replaceable> modem ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The modem hook uses a serial interface to establish a PPP session to an
+- Internet Service Provider. This method is used by 56k modems and mobile
+- networks like LTE, GSM and 3G.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>--device=<replaceable>DEVICE</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the serial device that is used to connect.
+- </para>
+- <para>
+- Example: /dev/ttyUSB0
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--monitor-device=<replaceable>DEVICE</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The optional monitor device is used to collect status
+- information like signal strength and link quality while
+- the connection is established.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--imsi=<replaceable>IMSI</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Set the IMSI of the SIM card inside the wireless modem
+- to identify it when it is plugged in at runtime.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--pin=<replaceable>PIN</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The PIN number of the SIM card.
+- </para>
+- <para>
+- This will be used to unlock the SIM card when it
+- is locked.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--apn=<replaceable>APN</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the Access Point Name (<replaceable>APN</replaceable>)
+- that the modem connects to.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--phone-number=<replaceable>PHONE-NUMBER</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the phone number that is dialed by the modem when
+- the connection is to be established.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--username=<replaceable>USERNAME</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the username for authentication.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--password=<replaceable>PASSWORD</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the password for authentication.
+- </para>
+- <para>
+- Use the <option>--auth=</option> option to transmit it
+- in a secure manner to the provider.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--baudrate=<emphasis>921600</emphasis></option>
+- </term>
+-
+- <listitem>
+- <para>
+- The baudrate for the serial link to the modem.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--mtu=<emphasis>N</emphasis></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the default MTU of the PPP connection.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--auth=[chap|pap]</option>
+- </term>
+-
+- <listitem>
+- <para>
+- Define the authentication method that is used to
+- authenticate against your provider.
+- The default is to use the provider's preference.
+- </para>
+- <itemizedlist>
+- <listitem>
+- <para>
+- <emphasis>Challange-Handshake Authentication Protocol</emphasis>
+- (chap) is the preferred secure method.
+- </para>
+- </listitem>
+- <listitem>
+- <para>
+- <emphasis>Password Authentication Protocol</emphasis>
+- (pap) sends the plaintext password to the authentication
+- server which is the reason why it should be avoided to use PAP.
+- </para>
+- </listitem>
+- </itemizedlist>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,266 @@
+From d4f0a25cd61fe6a7d0cb711e269e9b75925edf23 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 17:42:10 +0200
+Subject: [PATCH 089/304] man: Convert network-zone-pppoe(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-zone-pppoe.txt | 52 +++++++++++
+ man/network-zone-pppoe.xml | 186 -------------------------------------
+ 2 files changed, 52 insertions(+), 186 deletions(-)
+ create mode 100644 man/network-zone-pppoe.txt
+ delete mode 100644 man/network-zone-pppoe.xml
+
+diff --git a/man/network-zone-pppoe.txt b/man/network-zone-pppoe.txt
+new file mode 100644
+index 0000000..93b55f2
+--- /dev/null
++++ b/man/network-zone-pppoe.txt
+@@ -0,0 +1,52 @@
++= network-zone-pppoe(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-zone-pppoe - PPP over Ethernet
++
++== SYNOPSIS
++[verse]
++`network zone new ZONE pppoe ...`
++
++== DESCRIPTION
++The `pppoe` hook creates a PPPoE connection to your ISP.
++
++== OPTIONS
++The following options are understood:
++
++`--username=USERNAME`::
++ Sets the username for authentication.
++
++`--password=PASSWORD`::
++ Sets the password for authentication.
++ +
++ Use the `--auth=` option to transmit it in a secure manner to the provider.
++
++`--mtu=N`::
++ Sets the default MTU of the PPP connection.
++
++`--auth=[chap|pap]`::
++ Define the authentication method that is used to authenticate against your
++ provider. The default is to use the provider's preference.
++
++ * _Challange-Handshake Authentication Protocol_ (`chap`) is the preferred,
++ secure method.
++ * _Password Authentication Protocol_ (`pap`) sends the plaintext password
++ to the authentication server which is the reason why it should be avoided.
++
++`--access-concentrator=STRING`::
++ By this option, you may define the name of the access concentrator.
++
++`--service-name=STRING`::
++ By this option, you may define the service name.
++
++`--ipv6=[on|off]`::
++ By this option, you may enable or disable IPv6.
++
++`--prefix-delegation=[on|off]`::
++ By this option, you may enable or disable the delegation through your
++ provider of one IPv6 prefix to your system.
++
++== SEE ALSO
++link:network[8],
++link:network-zone[8]
+diff --git a/man/network-zone-pppoe.xml b/man/network-zone-pppoe.xml
+deleted file mode 100644
+index 36c4d0e..0000000
+--- a/man/network-zone-pppoe.xml
++++ /dev/null
+@@ -1,186 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone-pppoe">
+- <refentryinfo>
+- <title>network-zone-pppoe</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone-pppoe</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone-pppoe</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone new <replaceable>ZONE</replaceable> pppoe ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The pppoe hook creates a PPPoE connection to your ISP.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+-
+- <varlistentry>
+- <term>
+- <option>--username=<replaceable>USERNAME</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the username for authentication.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--password=<replaceable>PASSWORD</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the password for authentication.
+- </para>
+- <para>
+- Use the <option>--auth=</option> option to transmit it
+- in a secure manner to the provider.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--mtu=<emphasis>N</emphasis></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Sets the default MTU of the PPP connection.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--auth=[chap|pap]</option>
+- </term>
+-
+- <listitem>
+- <para>
+- Define the authentication method that is used to
+- authenticate against your provider.
+- The default is to use the provider's preference.
+- </para>
+- <itemizedlist>
+- <listitem>
+- <para>
+- <emphasis>Challange-Handshake Authentication Protocol</emphasis>
+- (chap) is the preferred secure method.
+- </para>
+- </listitem>
+- <listitem>
+- <para>
+- <emphasis>Password Authentication Protocol</emphasis>
+- (pap) sends the plaintext password to the authentication
+- server which is the reason why it should be avoided to use PAP.
+- </para>
+- </listitem>
+- </itemizedlist>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--access-concentrator=<replaceable>STRING</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- By this option, you may define the name of the access concentrator.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--service-name=<replaceable>STRING</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- By this option, you may define the service name.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--ipv6=[<emphasis>on</emphasis>|off]</option>
+- </term>
+-
+- <listitem>
+- <para>
+- By this option, you may enable or disable IPv6
+- </para> </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--prefix-delegation=[<emphasis>on</emphasis>|off]</option>
+- </term>
+-
+- <listitem>
+- <para>
+- By this option, you may enable or disable the delegation through your provider of one IPv6 prefix to your system.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,167 @@
+From bc2b9c75cd5b73e1c2de5463fc1c0bc94b6dad93 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 17:53:20 +0200
+Subject: [PATCH 090/304] man: Convert network-zone-wireless(8) to asciidoc
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-zone-wireless.txt | 32 ++++++++++
+ man/network-zone-wireless.xml | 107 ----------------------------------
+ 2 files changed, 32 insertions(+), 107 deletions(-)
+ create mode 100644 man/network-zone-wireless.txt
+ delete mode 100644 man/network-zone-wireless.xml
+
+diff --git a/man/network-zone-wireless.txt b/man/network-zone-wireless.txt
+new file mode 100644
+index 0000000..368ac2a
+--- /dev/null
++++ b/man/network-zone-wireless.txt
+@@ -0,0 +1,32 @@
++= network-zone-wireless(8)
++Michael Tremer <michael.tremer@ipfire.org>
++
++== NAME
++network-zone-wireless - Wireless Networks
++
++== SYNOPSIS
++[verse]
++`network zone new ZONE wireless ...`
++
++== DESCRIPTION
++The wireless hook uses a WiFi interface and connects to a wireless access point
++in station mode.
++
++Configuration and credentials for any wireless networks to connect to can be
++configured by using link:network-wireless-network[8].
++
++== OPTIONS
++The following options are understood:
++
++`--phy=PHY`::
++ Takes the MAC address or name of the physical layer that is used to create
++ a virtual wireless interface.
++
++`--address=ADDRESS`::
++ Define a MAC address that is used for the virtual wireless device. This
++ parameter is optional and a random MAC address will be generated when
++ omitted.
++
++== SEE ALSO
++link:network[8],
++link:network-zone[8]
+diff --git a/man/network-zone-wireless.xml b/man/network-zone-wireless.xml
+deleted file mode 100644
+index 0931245..0000000
+--- a/man/network-zone-wireless.xml
++++ /dev/null
+@@ -1,107 +0,0 @@
+-<?xml version="1.0"?>
+-<!DOCTYPE refentry PUBLIC "-//OASIS/DTD DocBook XML V4.2//EN"
+- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+-
+-<refentry id="network-zone-wireless">
+- <refentryinfo>
+- <title>network-zone-wireless</title>
+- <productname>network</productname>
+-
+- <authorgroup>
+- <author>
+- <contrib>Developer</contrib>
+- <firstname>Michael</firstname>
+- <surname>Tremer</surname>
+- <email>michael.tremer@ipfire.org</email>
+- </author>
+- </authorgroup>
+- </refentryinfo>
+-
+- <refmeta>
+- <refentrytitle>network-zone-wireless</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </refmeta>
+-
+- <refnamediv>
+- <refname>network-zone-wireless</refname>
+- <refpurpose>Network Configuration Control Program</refpurpose>
+- </refnamediv>
+-
+- <refsynopsisdiv>
+- <cmdsynopsis>
+- <command>network zone new <replaceable>ZONE</replaceable> wireless ...</command>
+- </cmdsynopsis>
+- </refsynopsisdiv>
+-
+- <refsect1>
+- <title>Description</title>
+-
+- <para>
+- The wireless hook uses a WiFi interface and connects to a
+- wireless access point in station mode.
+- </para>
+-
+- <para>
+- Configuration and credentials for any wireless networks to
+- connect to can be configured by using the
+- <command>network wireless network</command> command.
+-
+- See <citerefentry>
+- <refentrytitle>network-wireless-networks</refentrytitle>
+- <manvolnum>8</manvolnum>,
+- </citerefentry> for details.
+- </para>
+- </refsect1>
+-
+- <refsect1>
+- <title>Options</title>
+-
+- <para>
+- The following options are understood:
+- </para>
+-
+- <variablelist>
+- <varlistentry>
+- <term>
+- <option>--phy=<replaceable>PHY</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Takes the MAC address or name of the physical layer
+- that is used to create a virtual wireless interface.
+- </para>
+- </listitem>
+- </varlistentry>
+-
+- <varlistentry>
+- <term>
+- <option>--address=<replaceable>ADDRESS</replaceable></option>
+- </term>
+-
+- <listitem>
+- <para>
+- Define a MAC address that is used for the virtual
+- wireless device. This parameter is optional and
+- a random MAC address will be generated when omitted.
+- </para>
+- </listitem>
+- </varlistentry>
+- </variablelist>
+- </refsect1>
+-
+- <refsect1>
+- <title>See Also</title>
+-
+- <para>
+- <citerefentry>
+- <refentrytitle>network</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>network-zone</refentrytitle>
+- <manvolnum>8</manvolnum>
+- </citerefentry>
+- </para>
+- </refsect1>
+-</refentry>
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,43 @@
+From d746901bf5d4b4eb7591d1e009fad2960647e034 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 20:01:00 +0200
+Subject: [PATCH 091/304] man: Cleanup XML files
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 26f2e9c..d79b0f2 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -475,7 +475,8 @@ MANPAGES = \
+ man/network-zone-wireless.8
+
+ MANPAGES_TXT = $(patsubst %.8,%.txt,$(MANPAGES))
+-MANPAGES_HTML = $(patsubst %.txt,%.html,$(MANPAGES))
++MANPAGES_HTML = $(patsubst %.txt,%.html,$(MANPAGES_TXT))
++MANPAGES_XML = $(patsubst %.txt,%.xml,$(MANPAGES_TXT))
+
+ .PHONY: man
+ man: $(MANPAGES) $(MANPAGES_HTML)
+@@ -484,11 +485,13 @@ man_MANS = \
+ $(MANPAGES)
+
+ noinst_DATA += \
+- $(MANPAGES_HTML)
++ $(MANPAGES_HTML) \
++ $(MANPAGES_XML)
+
+ CLEANFILES += \
+ $(man_MANS) \
+- $(MANPAGES_HTML)
++ $(MANPAGES_HTML) \
++ $(MANPAGES_XML)
+
+ EXTRA_DIST += \
+ $(MANPAGES_TXT)
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,54 @@
+From 5d881996d1a5cf6211ae1fa0d4c4cd6fe6867f79 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 20:08:00 +0200
+Subject: [PATCH 092/304] man: Make distcheck happy
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 14 +++++++++-----
+ 1 file changed, 9 insertions(+), 5 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index d79b0f2..0257b02 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -494,6 +494,7 @@ CLEANFILES += \
+ $(MANPAGES_XML)
+
+ EXTRA_DIST += \
++ man/asciidoc.conf \
+ $(MANPAGES_TXT)
+
+ XSLTPROC_FLAGS = \
+@@ -505,20 +506,23 @@ XSLTPROC_FLAGS = \
+ --stringparam man.copyright.section.enabled 1
+
+ XSLTPROC_COMMAND_MAN = \
+- $(AM_V_XSLT)$(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) \
++ $(AM_V_XSLT)$(MKDIR_P) $(dir $@) && \
++ $(XSLTPROC) -o $@ $(XSLTPROC_FLAGS) \
+ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $<
+
+ man/%.xml: man/%.txt man/asciidoc.conf
+- $(AM_V_ASCIIDOC)$(ASCIIDOC) \
+- -f man/asciidoc.conf \
++ $(AM_V_ASCIIDOC)$(MKDIR_P) $(dir $@) && \
++ $(ASCIIDOC) \
++ -f $(abs_srcdir)/man/asciidoc.conf \
+ -d manpage -b docbook -o $@ $<
+
+ man/%.8: man/%.xml
+ $(XSLTPROC_COMMAND_MAN)
+
+ man/%.html: man/%.txt man/asciidoc.conf
+- $(AM_V_ASCIIDOC)$(ASCIIDOC) \
+- -f man/asciidoc.conf \
++ $(AM_V_ASCIIDOC)$(MKDIR_P) $(dir $@) && \
++ $(ASCIIDOC) \
++ -f $(abs_srcdir)/man/asciidoc.conf \
+ -b html5 -a icons -a theme=flask -o $@ $<
+
+ # ------------------------------------------------------------------------------
+--
+2.39.2
+
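Review bot: The rewritten `XSLTPROC_COMMAND_MAN` keeps the stylesheet as the plain-HTTP URL `http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl` (an unchanged context line in this hunk). On a build host where no XML catalog maps that URL to a local docbook-xsl copy, xsltproc would fetch the stylesheet that generates the installed man pages over an unauthenticated connection. `XSLTPROC_FLAGS` begins outside this hunk, so it may already cover this; if it does not, adding `--nonet \` to it makes the build fail rather than go to the network. A short comment above the URL saying it is expected to resolve through the catalog would record that intent.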
new file mode 100644
@@ -0,0 +1,28 @@
+From ff43523863b7ad7f50f5dfd4fdf80251ef01fa51 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 20:14:34 +0200
+Subject: [PATCH 093/304] man: Include include files in tarball
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 0257b02..6b77f0a 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -474,6 +474,10 @@ MANPAGES = \
+ man/network-zone-pppoe.8 \
+ man/network-zone-wireless.8
+
++EXTRA_DIST += \
++ man/include-color.txt \
++ man/include-description.txt
++
+ MANPAGES_TXT = $(patsubst %.8,%.txt,$(MANPAGES))
+ MANPAGES_HTML = $(patsubst %.txt,%.html,$(MANPAGES_TXT))
+ MANPAGES_XML = $(patsubst %.txt,%.xml,$(MANPAGES_TXT))
+--
+2.39.2
+
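Review bot: `man/include-color.txt` and `man/include-description.txt` are added to `EXTRA_DIST` only, so they ship in the tarball but are not prerequisites of the `man/%.xml` and `man/%.html` rules, which list just `man/%.txt` and `man/asciidoc.conf`. A page that pulls one in with `include::` (network-zone.txt does so for include-description.txt) is then not regenerated when the include file is edited, and a stale page can be installed. Naming the files once, e.g. `MANPAGES_INCLUDES = man/include-color.txt man/include-description.txt`, and using that variable both in `EXTRA_DIST` and as an extra prerequisite of the two pattern rules would keep distribution and dependencies in step. The pattern rules sit outside this hunk, so confirm how they read at this point in the series.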
new file mode 100644
@@ -0,0 +1,26 @@
+From 71bdead694bdae2e40e8a9f99403b4ec2db77914 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 31 Mar 2019 20:17:09 +0200
+Subject: [PATCH 094/304] man: network-route-static: Fix name
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-route-static.txt | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/man/network-route-static.txt b/man/network-route-static.txt
+index d4774b2..c6c3fea 100644
+--- a/man/network-route-static.txt
++++ b/man/network-route-static.txt
+@@ -2,7 +2,7 @@
+ Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+-network-route - Manage Static Routing
++network-route-static - Manage Static Routing
+
+ == SYNOPSIS
+ [verse]
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,28 @@
+From 2d2e96269516032b3bc4f2222067f6b82398a70a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 1 Apr 2019 12:31:53 +0200
+Subject: [PATCH 095/304] Makefile: Add target to upload HTML man pages
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index 6b77f0a..955f2b7 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -529,6 +529,10 @@ man/%.html: man/%.txt man/asciidoc.conf
+ -f $(abs_srcdir)/man/asciidoc.conf \
+ -b html5 -a icons -a theme=flask -o $@ $<
+
++.PHONY: upload-man
++upload-man: $(MANPAGES_HTML)
++ rsync -avHz --delete --progress $(MANPAGES_HTML) ms@people.ipfire.org:/pub/man-pages/$(PACKAGE_NAME)/
++
+ # ------------------------------------------------------------------------------
+
+ substitutions = \
+--
+2.39.2
+
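Review bot: The `--delete` in the `upload-man` recipe has no effect as written, because rsync removes extraneous files only for directories it is asked to synchronise and the sources here are the individual `$(MANPAGES_HTML)` files. A page that is later renamed or dropped would stay published under `/pub/man-pages/$(PACKAGE_NAME)/`. If stale pages should go, stage the HTML into a directory and sync that directory with a trailing slash. The destination `ms@people.ipfire.org:...` also hard-codes one maintainer's account, so the target depends on whatever SSH credentials the invoking user has. Moving the destination into a variable, with a comment such as `# maintainer-only: publishes to the public man-page mirror`, would make that explicit.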
new file mode 100644
@@ -0,0 +1,29 @@
+From 95556ed6aa03a160df0ed6e929389c3d7283b87b Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 1 Apr 2019 12:45:55 +0200
+Subject: [PATCH 096/304] man: Do not generate HTML documentation in normal
+ build
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 955f2b7..4c26a9d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -488,10 +488,6 @@ man: $(MANPAGES) $(MANPAGES_HTML)
+ man_MANS = \
+ $(MANPAGES)
+
+-noinst_DATA += \
+- $(MANPAGES_HTML) \
+- $(MANPAGES_XML)
+-
+ CLEANFILES += \
+ $(man_MANS) \
+ $(MANPAGES_HTML) \
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,205 @@
+From 6b1e747472ac60192146fc5ddba12b4a5d021194 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 1 Apr 2019 12:47:02 +0200
+Subject: [PATCH 097/304] man: Fix authorship warnings
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-route-static.txt | 4 +++-
+ man/network-settings.txt | 1 -
+ man/network-vpn-security-policies.txt | 4 +++-
+ man/network-zone-bridge.txt | 4 +++-
+ man/network-zone-config-pppoe-server.txt | 3 +++
+ man/network-zone-ip-tunnel.txt | 4 +++-
+ man/network-zone-modem.txt | 4 +++-
+ man/network-zone-pppoe.txt | 4 +++-
+ man/network-zone-wireless.txt | 4 +++-
+ man/network-zone.txt | 4 +++-
+ 10 files changed, 27 insertions(+), 9 deletions(-)
+
+diff --git a/man/network-route-static.txt b/man/network-route-static.txt
+index c6c3fea..4ba97eb 100644
+--- a/man/network-route-static.txt
++++ b/man/network-route-static.txt
+@@ -1,5 +1,4 @@
+ = network-route-static(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-route-static - Manage Static Routing
+@@ -63,6 +62,9 @@ The following commands are understood:
+ Packets matching this kind of route are silently discarded.
+ There will be no ICMP message sent to the source and no packet be forwarded.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-route[8],
+diff --git a/man/network-settings.txt b/man/network-settings.txt
+index e77f038..a1c1ae3 100644
+--- a/man/network-settings.txt
++++ b/man/network-settings.txt
+@@ -1,5 +1,4 @@
+ = network-settings(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-settings - Change global network settings
+diff --git a/man/network-vpn-security-policies.txt b/man/network-vpn-security-policies.txt
+index f9dc91a..3c843d7 100644
+--- a/man/network-vpn-security-policies.txt
++++ b/man/network-vpn-security-policies.txt
+@@ -1,5 +1,4 @@
+ = network-vpn-security-policies(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-vpn-security-policies - Configure VPN Security Policies
+@@ -106,6 +105,9 @@ They are intended to provide good defaults for various situations.
+
+ System policies cannot be deleted.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-vpn[8]
+diff --git a/man/network-zone-bridge.txt b/man/network-zone-bridge.txt
+index 2e4f839..46c78a6 100644
+--- a/man/network-zone-bridge.txt
++++ b/man/network-zone-bridge.txt
+@@ -1,5 +1,4 @@
+ = network-zone-bridge(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-zone-bridge - Manage network zones
+@@ -50,6 +49,9 @@ Spanning Tree Protocol (802.1D) configuration options:
+ The STP priority sets the ranking of this network device within the network.
+ The bridge with the best rank (0 is best) will become the root bridge.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-zone[8]
+diff --git a/man/network-zone-config-pppoe-server.txt b/man/network-zone-config-pppoe-server.txt
+index 72dff8e..7d83bd1 100644
+--- a/man/network-zone-config-pppoe-server.txt
++++ b/man/network-zone-config-pppoe-server.txt
+@@ -44,6 +44,9 @@ This command creates a PPPoE server that will assign an IP address from the
+
+ network zone net0 config create pppoe-server --subnet=192.168.0.0/16
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-zone[8],
+diff --git a/man/network-zone-ip-tunnel.txt b/man/network-zone-ip-tunnel.txt
+index cb30731..8e2f30a 100644
+--- a/man/network-zone-ip-tunnel.txt
++++ b/man/network-zone-ip-tunnel.txt
+@@ -1,5 +1,4 @@
+ = network-zone-ip-tunnel(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-zone-ip-tunnel - Manage IP Tunnels
+@@ -30,6 +29,9 @@ The following options are understood:
+ +
+ This is optional and if unset a useful default will be used.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-zone[8]
+diff --git a/man/network-zone-modem.txt b/man/network-zone-modem.txt
+index 6b09622..082bb21 100644
+--- a/man/network-zone-modem.txt
++++ b/man/network-zone-modem.txt
+@@ -1,5 +1,4 @@
+ = network-zone-modem(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-zone-modem - Configure serial modems
+@@ -61,6 +60,9 @@ The following options are understood:
+ * _Password Authentication Protocol_ (`pap`) sends the plaintext password
+ to the authentication server which is the reason why it should be avoided.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-zone[8]
+diff --git a/man/network-zone-pppoe.txt b/man/network-zone-pppoe.txt
+index 93b55f2..1a1c4f3 100644
+--- a/man/network-zone-pppoe.txt
++++ b/man/network-zone-pppoe.txt
+@@ -1,5 +1,4 @@
+ = network-zone-pppoe(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-zone-pppoe - PPP over Ethernet
+@@ -47,6 +46,9 @@ The following options are understood:
+ By this option, you may enable or disable the delegation through your
+ provider of one IPv6 prefix to your system.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-zone[8]
+diff --git a/man/network-zone-wireless.txt b/man/network-zone-wireless.txt
+index 368ac2a..531f8ff 100644
+--- a/man/network-zone-wireless.txt
++++ b/man/network-zone-wireless.txt
+@@ -1,5 +1,4 @@
+ = network-zone-wireless(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-zone-wireless - Wireless Networks
+@@ -27,6 +26,9 @@ The following options are understood:
+ parameter is optional and a random MAC address will be generated when
+ omitted.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8],
+ link:network-zone[8]
+diff --git a/man/network-zone.txt b/man/network-zone.txt
+index 88a1988..2c2c6f0 100644
+--- a/man/network-zone.txt
++++ b/man/network-zone.txt
+@@ -1,5 +1,4 @@
+ = network-zone(8)
+-Michael Tremer <michael.tremer@ipfire.org>
+
+ == NAME
+ network-zone - Manage network zones
+@@ -69,5 +68,8 @@ include::include-description.txt[]
+ The command will shut down the zone if it is up and start it again with
+ the new name. If the zone is not up it won't be started.
+
++== AUTHORS
++Michael Tremer
++
+ == SEE ALSO
+ link:network[8]
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,583 @@
+From 39cfece88a2978f946e1713fbf1e2be3faf124d6 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 1 Apr 2019 19:49:01 +0200
+Subject: [PATCH 098/304] man: Make syntax format more similar across files
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/firewall-settings.txt | 29 +++++------
+ man/network-device.txt | 37 ++++++--------
+ man/network-dhcp.txt | 35 ++++++--------
+ man/network-dns-server.txt | 50 ++++++++-----------
+ man/network-performance-tuning.txt | 17 +++----
+ man/network-port.txt | 77 ++++++++++++++----------------
+ man/network-quick-start.txt | 15 ++----
+ man/network-route-static.txt | 18 +++----
+ 8 files changed, 116 insertions(+), 162 deletions(-)
+
+diff --git a/man/firewall-settings.txt b/man/firewall-settings.txt
+index 20038e3..81c9bd9 100644
+--- a/man/firewall-settings.txt
++++ b/man/firewall-settings.txt
+@@ -1,30 +1,25 @@
+-firewall-settings(8)
+-====================
++= firewall-settings(8)
+
+-NAME
+-----
++== NAME
+ firewall-settings - Global firewall settings
+
+-SYNOPSIS
+---------
++== SYNOPSIS
+ [verse]
+-'firewall settings'
+-'firewall settings' KEY=VALUE ...
++`firewall settings`
++`firewall settings` KEY=VALUE ...
+
+-DESCRIPTION
+------------
++== DESCRIPTION
+ This command is used to set global firewall settings.
+ Please have a look at the individual man pages for more options.
+
+-COMMANDS
+---------
++== COMMANDS
+ If no argument is given, the configuration will be dumped to the console.
+
+ You may set a new value by adding the variable name and the new value to
+ the command line.
+
+-SETTINGS
+---------
++== SETTINGS
++
+ === CONNTRACK_MAX_CONNECTIONS = 16384
+ Limits the max. number of simultaneous connections.
+
+@@ -88,10 +83,8 @@ Some routers on the Internet still do not support ECN properly.
+ When this setting is disabled, ECN is only advertised
+ when asked for.
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:firewall[8]
+diff --git a/man/network-device.txt b/man/network-device.txt
+index 4f1c1b0..d70536e 100644
+--- a/man/network-device.txt
++++ b/man/network-device.txt
+@@ -1,61 +1,54 @@
+-network-device(8)
+-=================
++= network-device(8)
+
+-NAME
+-----
++== NAME
+ network-device - Controls network devices
+
+-SYNOPSIS
+---------
++== SYNOPSIS
+ [verse]
+-'network device' [<options>] <command> ...
++`network device` COMMAND ...
+
+-DESCRIPTION
+------------
+-The 'network device' command shows low-level status information
++== DESCRIPTION
++The `network device` command shows low-level status information
+ of network devices and other things.
+
+-COMMANDS
+---------
++== COMMANDS
+ The following commands are understood:
+
+-'list'::
++`list`::
+ This command shows a list of all device that are currently present
+ on this system. This includes PHYs and serial devices as well.
+
+-'DEVICE discover'::
++`DEVICE discover`::
+ Runs a discovery for many hooks on the given device.
+
+ This will check if the hook can find for example a DHCP server or
+ DSLAM and thus predict for what the device should be used.
+
+-'DEVICE identify'::
++`DEVICE identify`::
+ This command only works for Ethernet adapters and will make those
+ that support this feature flash for a few seconds.
+
+ It is handy to find the right device to put the cable in.
+
+-'DEVICE monitor'::
++`DEVICE monitor`::
+ This command creates a monitor interface for wireless modules.
+
+ An instance of link:tcpdump[8] will be started and show all
+ frames that are sent or received on the 802.11 layer (layer 2).
+
+-'DEVICE status'::
++`DEVICE status`::
+ This will show you very detailed information about the given device.
+
+-'DEVICE unlock'::
++`DEVICE unlock`::
+ This command will unlock the SIM card in a modem.
+ Only serial devices are supported which are the most 4G or 3G modems.
+
+ For the PIN or PUK code, the user will be prompted.
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:network[8]
+ link:network-port[8]
+ link:network-zone[8]
+diff --git a/man/network-dhcp.txt b/man/network-dhcp.txt
+index bcb768e..11e5fb4 100644
+--- a/man/network-dhcp.txt
++++ b/man/network-dhcp.txt
+@@ -1,44 +1,37 @@
+-network-dhcp(8)
+-===============
++= network-dhcp(8)
+
+-NAME
+-----
++== NAME
+ network-dhcp - Controls the DHCP Server
+
+-SYNOPSIS
+---------
++== SYNOPSIS
+ [verse]
+-'network dhcpv6' <command> ...
+-'network dhcpv4' <command> ...
++`network dhcpv6` COMMAND ...
++`network dhcpv4` COMMAND ...
+
+-DESCRIPTION
+------------
++== DESCRIPTION
+ With help of the DHCP commands it is possible to configure DHCP
+ servers for IPv6 and IPv4.
+
+-COMMANDS
+---------
++== COMMANDS
+ The following commands are understood:
+
+-'start'::
++`start`::
+ Starts the DHCP server.
+
+-'stop'::
++`stop`::
+ Stops the DHCP server.
+
+-'restart'::
++`restart`::
+ Restarts the DHCP server.
+
+-'reload'::
++`reload`::
+ Reload the DHCP server configuration.
+
+-'subnet ...'::
++`subnet ...`::
+ TODO
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:network[8]
+diff --git a/man/network-dns-server.txt b/man/network-dns-server.txt
+index bd01ca7..f5019ce 100644
+--- a/man/network-dns-server.txt
++++ b/man/network-dns-server.txt
+@@ -1,75 +1,67 @@
+-network-dns-server(8)
+-=====================
++= network-dns-server(8)
+
+-NAME
+-----
++== NAME
+ network-dns-server - Controls the DNS settings
+
+-SYNOPSIS
+---------
++== SYNOPSIS
+ [verse]
+-'network dns-server' add SERVER [PRIORITY]
+-'network dns-server' remove SERVER
+-'network dns-server' list
+-'network dns-server' update
++`network dns-server add` SERVER [PRIORITY]
++`network dns-server remove` SERVER
++`network dns-server list`
++`network dns-server update`
+
+-DESCRIPTION
+------------
++== DESCRIPTION
+ With this command, you will be able to configure the local DNS
+ configuration.
+
+ You may add and remove DNS servers as well as view the settings.
+
+-COMMANDS
+---------
++== COMMANDS
+ The following commands are understood:
+
+-'add' SERVER [PRIORITY]::
++`add SERVER [PRIORITY]`::
+ A new DNS server may be added to the list by the
+ 'add' command.
+ A priority that will rank the server my optionally be given.
+-
++ +
+ NOTE: SERVER must be a valid IP address and PRIORITY
+ must be a positive number.
+ The smaller this number, the higher is is the rank of
+ the server.
+
+-'remove' SERVER::
++`remove SERVER`::
+ The given server will be removed from the list of DNS servers.
+
+-'list'::
++`list`::
+ Shows a list of all servers that are currently in use.
+
+-'update'::
++`update`::
+ This command will re-create the system's configuration
+ files. It should not be required to use this command
+ very often.
+
+-SETTINGS
+---------
++== SETTINGS
+ The following settings may be set using link:network-settings[8]:
+
+-'DNS_USE_LOCAL_RESOLVER = [true|false]'::
++`DNS_USE_LOCAL_RESOLVER = [true|false]`::
+ This option defines whether the local DNS resolver should
+ be used or not.
+-
++ +
+ Basically, the option adds localhost to the list of nameservers
+ in link:resolv.conf[5].
+
+-'DNS_SEARCH_DOMAINS ='::
++`DNS_SEARCH_DOMAINS =`::
+ This setting configures the search domains for DNS queries
+ made by the local system.
+
+-'DNS_RANDOMIZE = [true|false]'::
++`DNS_RANDOMIZE = [true|false]`::
+ This option will break the DNS server ranks and will query
+ them in a random order which is useful to load-balance
+ multiple DNS servers.
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:network[8],
+ link:network-settings[8]
+diff --git a/man/network-performance-tuning.txt b/man/network-performance-tuning.txt
+index 763ee21..4672bbc 100644
+--- a/man/network-performance-tuning.txt
++++ b/man/network-performance-tuning.txt
+@@ -1,12 +1,9 @@
+-network-performance-tuning(8)
+-=============================
++= network-performance-tuning(8)
+
+-NAME
+-----
++== NAME
+ network-performance-tuning - Performance Tuning for Networking
+
+-DESCRIPTION
+------------
++== DESCRIPTION
+ This page contains a summary of some performance tuning techniques
+ that this system is using.
+
+@@ -22,12 +19,10 @@ reducing network latency and quite possibly increasing throughput.
+ The algorithm is trying to balance all network controllers across
+ all processors.
+
+-See /proc/interrups for the distribution of interrupts.
++See /proc/interrupts for the distribution of interrupts.
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:network[8]
+diff --git a/man/network-port.txt b/man/network-port.txt
+index 0c26f33..54cd58c 100644
+--- a/man/network-port.txt
++++ b/man/network-port.txt
+@@ -1,29 +1,25 @@
+-network-port(8)
+-===============
++= network-port(8)
+
+-NAME
+-----
++== NAME
+ network-port - Controls Network Ports
+
+-SYNOPSIS
+---------
++== SYNOPSIS
+ [verse]
+-'network port' new HOOK ...
+-'network port' destroy PORT
+-'network port' PORT color set <color>
+-'network port' PORT color reset
+-'network port' PORT create
+-'network port' PORT description edit
+-'network port' PORT description show
+-'network port' PORT down
+-'network port' PORT edit ...
+-'network port' PORT identify
+-'network port' PORT remove
+-'network port' PORT status
+-'network port' PORT up
+-
+-DESCRIPTION
+------------
++`network port new HOOK ...`
++`network port destroy PORT`
++`network port PORT color set COLOR`
++`network port PORT color reset`
++`network port PORT create`
++`network port PORT description edit`
++`network port PORT description show`
++`network port PORT down`
++`network port PORT edit ...`
++`network port PORT identify`
++`network port PORT remove`
++`network port PORT status`
++`network port PORT up`
++
++== DESCRIPTION
+ This command creates, deletes, changes and views the configuration
+ and status of ports.
+
+@@ -32,15 +28,14 @@ to an other network. It connects those and zones together.
+ The 'network device' command shows status information of network devices
+ and other things.
+
+-COMMANDS
+---------
++== COMMANDS
+ The following commands are understood:
+
+-'new' HOOK ...::
++`new HOOK ...`::
+ A new port may be created with this command.
+ HOOK must be a valid hook which may require more options.
+
+-'destroy' PORT::
++`destroy PORT`::
+ Destroys the port PORT.
+ The port is removed from any zones it is attached to and shut down.
+
+@@ -48,49 +43,47 @@ For all other commands, the name of the port needs to be passed first:
+
+ include::include-color.txt[]
+
+-'create'::
++`create`::
+ This will create devices for the existing port PORT.
+-
++ +
+ This does not create a new port. It will just create the (possibly
+ virtual) interface this port (i.e. create an interface for a WiFi
+ module or a VLAN device).
+-
+- The interface is not brought up. Use the 'up' command to do that.
++ +
++ The interface is not brought up. Use the `up` command to do that.
+
+ include::include-description.txt[]
+
+-'down'::
++`down`::
+ Shuts down the port.
+
+-'edit'::
++`edit`::
+ This command can be used to alter the configuration of a port.
+ Consult the documentation of the port hook to find out what is supported.
+
+-'identify'::
++`identify`::
+ This command will make the port flash for a few seconds
+ so that you can identify the correct network adapters
+ in the system.
+-
++ +
+ This is not supported by all network adapters.
+
+-'remove'::
++`remove`::
+ This will remove an existing PORT.
+-
++ +
+ This does not destroy the port. It inverses the operation performed
+ by the 'create' command.
+
+-'status'::
++`status`::
+ This will show some detailed information about the status
+ of the specified port.
+
+-'up'::
++`up`::
+ Brings up the port. It has to be created first.
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:network[8],
+ link:network-zone[8]
+diff --git a/man/network-quick-start.txt b/man/network-quick-start.txt
+index 02ebfe0..1ab5866 100644
+--- a/man/network-quick-start.txt
++++ b/man/network-quick-start.txt
+@@ -1,12 +1,9 @@
+-network-quick-start(8)
+-======================
++= network-quick-start(8)
+
+-NAME
+-----
++== NAME
+ network-quick-start - Quick Start Guide for Networking
+
+-DESCRIPTION
+------------
++== DESCRIPTION
+ The link:network[8] is a very powerful command that allows you to configure
+ the entire networking stack.
+ Unfortunately that makes it quite complicated to use as well.
+@@ -80,12 +77,10 @@ The entire network can be restarted by running:
+ # network restart
+ ------------
+
+-AUTHORS
+--------
++== AUTHORS
+ Michael Tremer
+
+-SEE ALSO
+---------
++== SEE ALSO
+ link:network[8],
+ link:network-device[8],
+ link:network-port[8],
+diff --git a/man/network-route-static.txt b/man/network-route-static.txt
+index 4ba97eb..43a1277 100644
+--- a/man/network-route-static.txt
++++ b/man/network-route-static.txt
+@@ -5,10 +5,10 @@ network-route-static - Manage Static Routing
+
+ == SYNOPSIS
+ [verse]
+-'network route static' COMMAND ...
+-'network route static add' NETWORK [--gateway=GATEWAY,--unreachable,--prohibit,--blackhole] [--mtu=MTU]
+-'network route static remove' NETWORK
+-'network route static list' [--protocol=ipv6|ipv4]
++`network route static COMMAND ...`
++`network route static add NETWORK [--gateway=GATEWAY,--unreachable,--prohibit,--blackhole] [--mtu=MTU]`
++`network route static remove NETWORK`
++`network route static list` [--protocol=ipv6|ipv4]`
+
+ == DESCRIPTION
+ This command helps to manage routes.
+@@ -20,14 +20,14 @@ The following commands are understood:
+ A new route may be added by the 'add' command. It is required to pass a
+ valid network prefix NETWORK, which can be either IPv6 or IPv4.
+ +
+- For unicast routes, the '--gateway=GATEWAY' option must be passed, where
++ For unicast routes, the `--gateway=GATEWAY` option must be passed, where
+ GATEWAY is a valid IP address of the same protocol type as the network
+ prefix is.
+ +
+- Use '--unreachable', '--prohibit', '--blackhole' can be used to create of
++ Use `--unreachable`, `--prohibit`, `--blackhole` can be used to create of
+ that type. See ROUTE TYPES below for more information about these options.
+ +
+- The optional '--mtu=MTU' parameter defines the MTU along the path to the
++ The optional `--mtu=MTU` parameter defines the MTU along the path to the
+ destination and must be an integer number. This will show you very
+ detailed information about the given device.
+
+@@ -39,7 +39,7 @@ The following commands are understood:
+ 'list'::
+ Shows a list of all configured routes.
+ +
+- Output can be filtered by passing --protocol=[ipv6|ipv4].
++ Output can be filtered by passing `--protocol=[ipv6|ipv4]`.
+
+ == ROUTE TYPES
+
+@@ -47,7 +47,7 @@ The following commands are understood:
+ 'unicast'::
+ A unicast route is the most common route in routing tables. It is a route to
+ a destination network address, which describes the path to the destination.
+- Use the '--gateway=GATEWAY' option to create such a route.
++ Use the `--gateway=GATEWAY` option to create such a route.
+
+ 'unreachable'::
+ When a route is determined and the routing decision process returns a
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,53 @@
+From d673165c5456e29013def29ed1fa9f202110665a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 11:50:13 +0200
+Subject: [PATCH 099/304] hooks: Add overwritable function to determine the
+ port name
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/header-port | 18 +++++++++++++-----
+ 1 file changed, 13 insertions(+), 5 deletions(-)
+
+diff --git a/src/header-port b/src/header-port
+index d75fdd8..7d0b272 100644
+--- a/src/header-port
++++ b/src/header-port
+@@ -68,6 +68,12 @@ hook_hotplug_rename_by_address() {
+ return ${EXIT_ERROR}
+ }
+
++# Returns the suggested name of the port
++hook_find_port_name() {
++ assert isset HOOK_PORT_PATTERN
++ port_find_free "${HOOK_PORT_PATTERN}"
++}
++
+ hook_default_new() {
+ local ${HOOK_SETTINGS[*]}
+
+@@ -78,14 +84,16 @@ hook_default_new() {
+ return ${EXIT_ERROR}
+ fi
+
+- assert isset HOOK_PORT_PATTERN
+-
+- local port=$(port_find_free ${HOOK_PORT_PATTERN})
++ # Determine a name for this port
++ local port="$(hook_find_port_name)"
+ assert isset port
+
+- port_settings_write "${port}" ${HOOK_SETTINGS[*]}
++ # Save settings
++ if ! port_settings_write "${port}" ${HOOK_SETTINGS[*]}; then
++ return ${EXIT_ERROR}
++ fi
+
+- exit ${EXIT_OK}
++ return ${EXIT_OK}
+ }
+
+ hook_new() {
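Review bot: `local port="$(hook_find_port_name)"` discards the exit status of the command substitution, because `local` itself returns 0; only the following `assert isset port` guards the result. A hook override that fails after printing partial output would still hand a name to `port_settings_write`. Splitting the declaration keeps the status: `local port` followed by `port="$(hook_find_port_name)" || return ${EXIT_ERROR}`. The body of hook_default_new starts above this hunk.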
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,76 @@
+From 96045e9c044a709407b40df4145011e335929a3e Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 11:55:35 +0200
+Subject: [PATCH 100/304] vlan: Convert hook to use parse_cmdline function
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/vlan | 42 ++++++++----------------------------------
+ 1 file changed, 8 insertions(+), 34 deletions(-)
+
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index f511986..69f5144 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -51,7 +51,14 @@ hook_check_settings() {
+ done
+ }
+
+-hook_new() {
++hook_find_port_name() {
++ assert isset PARENT_DEVICE
++ assert isset TAG
++
++ print "${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
++}
++
++hook_parse_cmdline() {
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+ --parent-device=*)
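Review bot: hook_find_port_name builds the port name from `PARENT_DEVICE` and `TAG` after checking only that both are set, and both values are filled from the command line in hook_parse_cmdline. Whether hook_check_settings (which checks the tag as an integer elsewhere in this file) runs before the name is derived is not visible here; if it does not, a non-numeric `--tag=` value ends up in the name that is later given to `port_settings_write`. Replacing `assert isset TAG` with `assert isinteger TAG` in hook_find_port_name would close that gap at the point where the name is formed. hook_parse_cmdline continues past the end of this hunk.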
+@@ -63,42 +70,9 @@ hook_new() {
+ --tag=*)
+ TAG=$(cli_get_val "${1}")
+ ;;
+- *)
+- warning "Unknown argument '${1}'"
+- ;;
+- esac
+- shift
+- done
+-
+- local port="${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
+-
+- port_settings_write "${port}"
+-
+- exit ${EXIT_OK}
+-}
+-
+-hook_edit() {
+- local port=${1}
+- assert isset port
+- shift
+-
+- port_settings_read "${port}"
+-
+- while [ $# -gt 0 ]; do
+- case "${1}" in
+- --address=*)
+- ADDRESS=$(cli_get_val "${1}")
+- ;;
+- *)
+- warning "Unknown argument '${1}'"
+- ;;
+ esac
+ shift
+ done
+-
+- port_settings_write "${port}"
+-
+- exit ${EXIT_OK}
+ }
+
+ hook_create() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,42 @@
+From abb655547c79f72b97451c02ba285b13c68e5a2a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:00:02 +0200
+Subject: [PATCH 101/304] vlan: Validate and always set MAC address
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/vlan | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 69f5144..0147e54 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -66,6 +66,12 @@ hook_parse_cmdline() {
+ ;;
+ --address=*)
+ ADDRESS=$(cli_get_val "${1}")
++
++ # Validate address
++ if ! mac_is_valid "${ADDRESS}"; then
++ error "Invalid MAC address given: ${ADDRESS}"
++ return ${EXIT_CONF_ERROR}
++ fi
+ ;;
+ --tag=*)
+ TAG=$(cli_get_val "${1}")
+@@ -73,6 +79,11 @@ hook_parse_cmdline() {
+ esac
+ shift
+ done
++
++ # Generate a random MAC address if none given
++ if ! isset ADDRESS; then
++ ADDRESS="$(mac_generate)"
++ fi
+ }
+
+ hook_create() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,29 @@
+From 0cf39f2d5178f624161b8c4329140bd00b06019c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:02:15 +0200
+Subject: [PATCH 102/304] vlan: Fail when unknown command line parameters are
+ being passed
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/vlan | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 0147e54..39dbfff 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -76,6 +76,10 @@ hook_parse_cmdline() {
+ --tag=*)
+ TAG=$(cli_get_val "${1}")
+ ;;
++ -*)
++ error "Unknown argument '${1}'"
++ return ${EXIT_CONF_ERROR}
++ ;;
+ esac
+ shift
+ done
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,102 @@
+From a2f35a67d83bd3a4a4438c2b7b8cbc2ee0002e38 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:08:05 +0200
+Subject: [PATCH 103/304] vlan: Rename PARENT_DEVICE to PARENT_PORT
+
+It technically is a port
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/vlan | 26 ++++++++++++++++----------
+ test/nitsi/test/port-vlan/recipe | 2 +-
+ 2 files changed, 17 insertions(+), 11 deletions(-)
+
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 39dbfff..f19eda4 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -23,14 +23,14 @@
+
+ HOOK_SETTINGS=(
+ "ADDRESS"
+- "PARENT_DEVICE"
++ "PARENT_PORT"
+ "TAG"
+ )
+
+-PORT_PARENTS_VAR="PARENT"
++PORT_PARENTS_VAR="PARENT_PORT"
+
+ hook_check_settings() {
+- assert isset PARENT_DEVICE
++ assert isset PARENT_PORT
+ assert isinteger TAG
+
+ if isset ADDRESS; then
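Review bot: Renaming the persisted key in `HOOK_SETTINGS` from `PARENT_DEVICE` to `PARENT_PORT` leaves any port configuration written by the earlier code without a parent, since nothing in this patch reads the old key. For such a file `assert isset PARENT_PORT` in hook_check_settings would fail, and the `--parent-device=` option is dropped in a later hunk of this patch without an alias. Whether older configurations can exist on disk, or are migrated elsewhere, is not visible here; at minimum the array deserves a comment such as `# PARENT_PORT was called PARENT_DEVICE before this change; older settings files must be migrated`.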
+@@ -52,18 +52,15 @@ hook_check_settings() {
+ }
+
+ hook_find_port_name() {
+- assert isset PARENT_DEVICE
++ assert isset PARENT_PORT
+ assert isset TAG
+
+- print "${PARENT_DEVICE}${VLAN_PORT_INTERFIX}${TAG}"
++ print "${PARENT_PORT}${VLAN_PORT_INTERFIX}${TAG}"
+ }
+
+ hook_parse_cmdline() {
+ while [ $# -gt 0 ]; do
+ case "${1}" in
+- --parent-device=*)
+- PARENT_DEVICE=$(cli_get_val "${1}")
+- ;;
+ --address=*)
+ ADDRESS=$(cli_get_val "${1}")
+
+@@ -73,10 +70,19 @@ hook_parse_cmdline() {
+ return ${EXIT_CONF_ERROR}
+ fi
+ ;;
++ --port=*)
++ PARENT_PORT=$(cli_get_val "${1}")
++
++ # Check if PARENT_PORT exists
++ if ! port_exists "${PARENT_PORT}"; then
++ error "Port '${PARENT_PORT}' does not exist"
++ return ${EXIT_CONF_ERROR}
++ fi
++ ;;
+ --tag=*)
+ TAG=$(cli_get_val "${1}")
+ ;;
+- -*)
++ *)
+ error "Unknown argument '${1}'"
+ return ${EXIT_CONF_ERROR}
+ ;;
+@@ -100,7 +106,7 @@ hook_create() {
+ port_settings_read "${port}"
+
+ # Create the VLAN device
+- vlan_create "${port}" "${PARENT_DEVICE}" "${TAG}" "${ADDRESS}"
++ vlan_create "${port}" "${PARENT_PORT}" "${TAG}" "${ADDRESS}"
+
+ exit ${EXIT_OK}
+ }
+diff --git a/test/nitsi/test/port-vlan/recipe b/test/nitsi/test/port-vlan/recipe
+index d41377b..7a99251 100644
+--- a/test/nitsi/test/port-vlan/recipe
++++ b/test/nitsi/test/port-vlan/recipe
+@@ -17,7 +17,7 @@ bob: network zone upl0 config new static 192.168.100.102/24
+ all: network status
+
+ # Create a vlan device with parent port attached to net1
+-all: network port new vlan --parent-device=${p_net1} --tag=42
++all: network port new vlan --port="${p_net1}" --tag=42
+ all: network zone upl0 port attach "${p_net1}v42"
+
+ # Test if the vlan works by pinging bob
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,35 @@
+From 4776723194ad4d1ba75d1b373c1892e44ddcbf97 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:15:01 +0200
+Subject: [PATCH 104/304] vlan: Check if parent device exists before bringing
+ it up
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/vlan | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index f19eda4..98178e3 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -103,7 +103,15 @@ hook_create() {
+ device_exists "${port}" && exit ${EXIT_OK}
+
+ # Read configruation
+- port_settings_read "${port}"
++ if ! port_settings_read "${port}"; then
++ return ${EXIT_ERROR}
++ fi
++
++ # Check if the parent port exists
++ if ! port_exists "${PARENT_PORT}"; then
++ error "Port '${PARENT_PORT}' does not exist"
++ return ${EXIT_ERROR}
++ fi
+
+ # Create the VLAN device
+ vlan_create "${port}" "${PARENT_PORT}" "${TAG}" "${ADDRESS}"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,32 @@
+From 23ddd3765e344e06f379a5ccc5c2cfcbfca9c7b7 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:15:41 +0200
+Subject: [PATCH 105/304] vlan: Simplify vlan_remove()
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.vlan | 8 +-------
+ 1 file changed, 1 insertion(+), 7 deletions(-)
+
+diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
+index 97028b0..d83e3ad 100644
+--- a/src/functions/functions.vlan
++++ b/src/functions/functions.vlan
+@@ -88,13 +88,7 @@ vlan_create() {
+ }
+
+ vlan_remove() {
+- local device=${1}
+- assert isset device
+-
+- # Set down device (if not already done).
+- device_set_down ${device}
+-
+- device_delete ${device}
++ device_delete "$@"
+ }
+
+ vlan_get_parent() {
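Review bot: vlan_remove no longer checks that a device name was passed and no longer sets the device down before deleting it; both are now left to `device_delete`, whose body is not part of this hunk. If `device_delete` does not validate its argument, a call without a name now reaches the delete step unchecked. Once that is confirmed, a comment on the wrapper would record the reliance, for example `# Thin wrapper: argument checking and link-down are handled by device_delete`.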
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,146 @@
+From d3a0f73d7b2b6d4f634083f5620752e57a7a691b Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:28:17 +0200
+Subject: [PATCH 106/304] vlan: Refactor vlan_create()
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.vlan | 81 +++++++++++++++++++++++-------------
+ src/hooks/ports/vlan | 10 ++++-
+ 2 files changed, 60 insertions(+), 31 deletions(-)
+
+diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
+index d83e3ad..99a8baa 100644
+--- a/src/functions/functions.vlan
++++ b/src/functions/functions.vlan
+@@ -38,53 +38,76 @@ EOF
+ }
+
+ vlan_create() {
+- local device=${1}
+- assert isset device
++ local device="${1}"
++ shift
+
+- local parent=${2}
+- assert isset parent
++ assert isset device
+
+- local tag=${3}
+- assert isinteger tag
++ local address
++ local parent
++ local tag
++
++ # Parse command line arguments
++ while [ $# -gt 0 ]; do
++ case "${1}" in
++ --address=*)
++ address=$(cli_get_val "${1}")
++ ;;
++ --parent=*)
++ parent=$(cli_get_val "${1}")
++ ;;
++ --tag=*)
++ tag=$(cli_get_val "${1}")
++ ;;
++ *)
++ error "Unrecognized argument: ${1}"
++ return ${EXIT_ERROR}
++ ;;
++ esac
++ shift
++ done
++
++ # Generate a random MAC address if none was passed
++ if ! isset address; then
++ address="$(mac_generate)"
++ fi
+
+- local address=${4}
+- if isset address; then
+- assert ismac address
++ # Check if address is valid
++ if ! ismac address; then
++ log ERROR "Invalid mac address: ${address}"
++ return ${EXIT_ERROR}
+ fi
+
+- # Check if a device with the name does already exist.
+- if device_exists ${device}; then
+- log ERROR "device '${device}' does already exist"
++ # Check if a device with the name does already exist
++ if device_exists "${device}"; then
++ log ERROR "Device '${device}' already exists"
+ return ${EXIT_ERROR}
+ fi
+
+- # Check if the parent device exists.
+- if ! device_exists ${parent}; then
+- log ERROR "parent device '${parent}' does not exist"
++ # Check if the parent device exists
++ if ! device_exists "${parent}"; then
++ log ERROR "Parent device '${parent}' does not exist"
+ return ${EXIT_ERROR}
+ fi
+
+ # Load ebtables stuff.
+ vlan_init
+
+- local command="ip link add link ${parent} name ${device}"
++ # Make the command
++ local command=(
++ ip link add link "${parent}" name "${device}"
++ address "${address}" type vlan id "${tag}"
++ )
+
+- if isset address; then
+- command="${command} address ${address}"
++ # Run the command
++ if ! cmd_quiet "${command[*]}"; then
++ log ERROR "Could not create VLAN device ${device}: $?"
++ return ${EXIT_ERROR}
+ fi
+
+- command="${command} type vlan id ${tag}"
+-
+- cmd_quiet ${command}
+- local ret=$?
+-
+- if [ ${ret} -eq ${EXIT_OK} ]; then
+- log DEBUG "vlan device '${device}' has been created"
+- else
+- log ERROR "could not create vlan device '${device}': ${ret}"
+- fi
++ log DEBUG "Created VLAN device ${device} (parent = ${parent}, id = ${tag})"
+
+- return ${ret}
++ return ${EXIT_OK}
+ }
+
+ vlan_remove() {
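Review bot: The rewritten vlan_create no longer validates `tag` before it reaches the `ip link add` command: the removed `assert isinteger tag` has no replacement, so a non-numeric `--tag=` value is passed straight through. Two further problems sit in the run step. `"${command[*]}"` joins the array into a single string and so drops the per-argument quoting the array was built for (the removed call handed cmd_quiet separate words), and `$?` inside `if ! cmd_quiet …; then` is the status of the negation, so the log line always reports 0. The fence below restores the integer check, passes the array as `"${command[@]}"` and captures the exit status before logging.

```shell
	# … unchanged: argument parsing, MAC generation and validation …

	# The VLAN id comes from the caller; check it before building the command
	if ! isinteger tag; then
		log ERROR "Invalid VLAN id: ${tag}"
		return ${EXIT_ERROR}
	fi

	# … unchanged: device_exists checks, vlan_init, command array …

	# Run the command and keep its exit status for the log
	cmd_quiet "${command[@]}"
	local ret=$?
	if [ ${ret} -ne ${EXIT_OK} ]; then
		log ERROR "Could not create VLAN device ${device}: ${ret}"
		return ${EXIT_ERROR}
	fi
```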
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 98178e3..4715b1f 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -114,9 +114,15 @@ hook_create() {
+ fi
+
+ # Create the VLAN device
+- vlan_create "${port}" "${PARENT_PORT}" "${TAG}" "${ADDRESS}"
++ if ! vlan_create "${port}" \
++ --address="${ADDRESS}" \
++ --parent="${PARENT_PORT}" \
++ --tag="${TAG}"; then
++ error "Could not create port: ${port}"
++ return ${EXIT_ERROR}
++ fi
+
+- exit ${EXIT_OK}
++ return ${EXIT_OK}
+ }
+
+ hook_remove() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,30 @@
+From 68cacd23226f401f1676e8bfc975467647cefef0 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:29:57 +0200
+Subject: [PATCH 107/304] vlan: Create partent port (if necessary)
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/ports/vlan | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 4715b1f..384ad50 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -113,6 +113,12 @@ hook_create() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Create the partent port first
++ if ! port_create "${PARENT_PORT}"; then
++ error "Could not bring up parent port: ${PARENT_PORT}"
++ return ${EXIT_ERROR}
++ fi
++
+ # Create the VLAN device
+ if ! vlan_create "${port}" \
+ --address="${ADDRESS}" \
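Review bot: The error text says "Could not bring up parent port" although the failing call is `port_create`, which according to the added comment creates the port rather than bringing it up; the log will mislead whoever triages a failed VLAN setup. Suggested wording: `error "Could not create parent port: ${PARENT_PORT}"`, and the comment above it should read `# Create the parent port first` (typo "partent"). hook_create starts and ends outside this hunk.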
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,49 @@
+From 5338fb1423a84f9faeb597a2b67606fff1f6d6ab Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:30:48 +0200
+Subject: [PATCH 108/304] vlan: Drop ebtables stuff
+
+We no longer have ebtables
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.vlan | 16 ----------------
+ 1 file changed, 16 deletions(-)
+
+diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
+index 99a8baa..c542bb5 100644
+--- a/src/functions/functions.vlan
++++ b/src/functions/functions.vlan
+@@ -24,19 +24,6 @@ PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
+
+ VLAN_PORT_INTERFIX="v"
+
+-vlan_init() {
+- ebtables-restore <<EOF
+-*filter
+-:INPUT ACCEPT
+-:FORWARD ACCEPT
+-:OUTPUT ACCEPT
+-
+-*broute
+-:BROUTING ACCEPT
+--A BROUTING -p 802_1Q -j DROP
+-EOF
+-}
+-
+ vlan_create() {
+ local device="${1}"
+ shift
+@@ -90,9 +77,6 @@ vlan_create() {
+ return ${EXIT_ERROR}
+ fi
+
+- # Load ebtables stuff.
+- vlan_init
+-
+ # Make the command
+ local command=(
+ ip link add link "${parent}" name "${device}"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,159 @@
+From f24529e498b1c3fe60196c34356e5b005a22ae4c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:34:49 +0200
+Subject: [PATCH 109/304] vlan: Rename tag to id
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.vlan | 12 ++++++------
+ src/hooks/ports/vlan | 26 +++++++++++++-------------
+ test/nitsi/test/port-vlan/recipe | 2 +-
+ 3 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
+index c542bb5..9a70c95 100644
+--- a/src/functions/functions.vlan
++++ b/src/functions/functions.vlan
+@@ -31,8 +31,8 @@ vlan_create() {
+ assert isset device
+
+ local address
++ local id
+ local parent
+- local tag
+
+ # Parse command line arguments
+ while [ $# -gt 0 ]; do
+@@ -40,12 +40,12 @@ vlan_create() {
+ --address=*)
+ address=$(cli_get_val "${1}")
+ ;;
++ --id=*)
++ id=$(cli_get_val "${1}")
++ ;;
+ --parent=*)
+ parent=$(cli_get_val "${1}")
+ ;;
+- --tag=*)
+- tag=$(cli_get_val "${1}")
+- ;;
+ *)
+ error "Unrecognized argument: ${1}"
+ return ${EXIT_ERROR}
+@@ -80,7 +80,7 @@ vlan_create() {
+ # Make the command
+ local command=(
+ ip link add link "${parent}" name "${device}"
+- address "${address}" type vlan id "${tag}"
++ address "${address}" type vlan id "${id}"
+ )
+
+ # Run the command
+@@ -89,7 +89,7 @@ vlan_create() {
+ return ${EXIT_ERROR}
+ fi
+
+- log DEBUG "Created VLAN device ${device} (parent = ${parent}, id = ${tag})"
++ log DEBUG "Created VLAN device ${device} (parent = ${parent}, id = ${id})"
+
+ return ${EXIT_OK}
+ }
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 384ad50..97b6985 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -23,39 +23,39 @@
+
+ HOOK_SETTINGS=(
+ "ADDRESS"
++ "ID"
+ "PARENT_PORT"
+- "TAG"
+ )
+
+ PORT_PARENTS_VAR="PARENT_PORT"
+
+ hook_check_settings() {
+ assert isset PARENT_PORT
+- assert isinteger TAG
++ assert isinteger ID
+
+ if isset ADDRESS; then
+ assert ismac ADDRESS
+ fi
+
+- if [ ${TAG} -gt 4096 ]; then
+- error "TAG is greater than 4096."
++ if [ ${ID} -gt 4096 ]; then
++ error "ID is greater than 4096."
+ exit ${EXIT_ERROR}
+ fi
+
+ local reserved
+ for reserved in 0 4095; do
+- if [ "${TAG}" = "${reserved}" ]; then
+- error "TAG=${reserved} is reserved."
++ if [ "${ID}" = "${reserved}" ]; then
++ error "ID=${reserved} is reserved."
+ exit ${EXIT_ERROR}
+ fi
+ done
+ }
+
+ hook_find_port_name() {
++ assert isset ID
+ assert isset PARENT_PORT
+- assert isset TAG
+
+- print "${PARENT_PORT}${VLAN_PORT_INTERFIX}${TAG}"
++ print "${PARENT_PORT}${VLAN_PORT_INTERFIX}${ID}"
+ }
+
+ hook_parse_cmdline() {
+@@ -70,6 +70,9 @@ hook_parse_cmdline() {
+ return ${EXIT_CONF_ERROR}
+ fi
+ ;;
++ --id=*)
++ ID=$(cli_get_val "${1}")
++ ;;
+ --port=*)
+ PARENT_PORT=$(cli_get_val "${1}")
+
+@@ -79,9 +82,6 @@ hook_parse_cmdline() {
+ return ${EXIT_CONF_ERROR}
+ fi
+ ;;
+- --tag=*)
+- TAG=$(cli_get_val "${1}")
+- ;;
+ *)
+ error "Unknown argument '${1}'"
+ return ${EXIT_CONF_ERROR}
+@@ -122,8 +122,8 @@ hook_create() {
+ # Create the VLAN device
+ if ! vlan_create "${port}" \
+ --address="${ADDRESS}" \
+- --parent="${PARENT_PORT}" \
+- --tag="${TAG}"; then
++ --id="${id}" \
++ --parent="${PARENT_PORT}"; then
+ error "Could not create port: ${port}"
+ return ${EXIT_ERROR}
+ fi
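Review bot: The vlan_create call now passes `--id="${id}"`, but every other line this patch touches in src/hooks/ports/vlan uses the upper-case setting `ID` (HOOK_SETTINGS, hook_check_settings, hook_parse_cmdline). Unless hook_create defines a local `id` outside this hunk, the expansion is empty and vlan_create receives no VLAN ID; the line should read `--id="${ID}" \`. Patch 112 later in this series changes it to `${ID}`, so the tree is broken only between the two commits, which matters when bisecting. hook_create starts and ends outside the hunk.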
+diff --git a/test/nitsi/test/port-vlan/recipe b/test/nitsi/test/port-vlan/recipe
+index 7a99251..2341e19 100644
+--- a/test/nitsi/test/port-vlan/recipe
++++ b/test/nitsi/test/port-vlan/recipe
+@@ -17,7 +17,7 @@ bob: network zone upl0 config new static 192.168.100.102/24
+ all: network status
+
+ # Create a vlan device with parent port attached to net1
+-all: network port new vlan --port="${p_net1}" --tag=42
++all: network port new vlan --port="${p_net1}" --id=42
+ all: network zone upl0 port attach "${p_net1}v42"
+
+ # Test if the vlan works by pinging bob
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,110 @@
+From fc1e91cca425c8e929df76dad4488066070879dd Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 12:41:36 +0200
+Subject: [PATCH 110/304] vlan: Validate ID
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.vlan | 25 ++++++++++++++++++++++++-
+ src/hooks/ports/vlan | 26 +++++++++-----------------
+ 2 files changed, 33 insertions(+), 18 deletions(-)
+
+diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
+index 9a70c95..ee2fb34 100644
+--- a/src/functions/functions.vlan
++++ b/src/functions/functions.vlan
+@@ -24,6 +24,23 @@ PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
+
+ VLAN_PORT_INTERFIX="v"
+
++vlan_valid_id() {
++ local id="${1}"
++
++ # Must be an integer
++ if ! isinteger id; then
++ return ${EXIT_FALSE}
++ fi
++
++ # Must be between 1 and 4095
++ if [ ${id} -ge 1 ] && [ ${id} -le 4096 ]; then
++ return ${EXIT_TRUE}
++ fi
++
++ # Otherwise this is invalid
++ return ${EXIT_FALSE}
++}
++
+ vlan_create() {
+ local device="${1}"
+ shift
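Review bot: vlan_valid_id accepts 4095 and 4096, although its own comment says "between 1 and 4095" and the checks this patch removes from hook_check_settings rejected 0 and 4095 as reserved. An 802.1Q VLAN ID is a 12-bit field, so 4096 cannot be encoded and 4095 is reserved. The upper bound should be `[ ${id} -le 4094 ]`, with the comment changed to `# Must be between 1 and 4094`. As written, the new validation is weaker than the code it replaces, because ID=4095 now passes.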
+@@ -31,7 +48,7 @@ vlan_create() {
+ assert isset device
+
+ local address
+- local id
++ local id=1
+ local parent
+
+ # Parse command line arguments
+@@ -65,6 +82,12 @@ vlan_create() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Check VLAN ID
++ if ! vlan_valid_id "${id}"; then
++ log ERROR "Invalid VLAN ID: ${id}"
++ return ${EXIT_ERROR}
++ fi
++
+ # Check if a device with the name does already exist
+ if device_exists "${device}"; then
+ log ERROR "Device '${device}' already exists"
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 97b6985..7f99dbc 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -30,25 +30,11 @@ HOOK_SETTINGS=(
+ PORT_PARENTS_VAR="PARENT_PORT"
+
+ hook_check_settings() {
++ assert ismac ADDRESS
+ assert isset PARENT_PORT
+- assert isinteger ID
+-
+- if isset ADDRESS; then
+- assert ismac ADDRESS
+- fi
+-
+- if [ ${ID} -gt 4096 ]; then
+- error "ID is greater than 4096."
+- exit ${EXIT_ERROR}
+- fi
+
+- local reserved
+- for reserved in 0 4095; do
+- if [ "${ID}" = "${reserved}" ]; then
+- error "ID=${reserved} is reserved."
+- exit ${EXIT_ERROR}
+- fi
+- done
++ assert isinteger ID
++ assert vlan_valid_id "${ID}"
+ }
+
+ hook_find_port_name() {
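Review bot: `assert ismac ADDRESS` is now unconditional in hook_check_settings, where the removed code only ran it under `if isset ADDRESS`. If a port can reach this check without an address (hook_parse_cmdline's address handling is only partly visible), the assert now fails for a configuration that was accepted before. Either keep the guard or add a comment stating that ADDRESS is always populated by this point. `assert isinteger ID` is also redundant now, since vlan_valid_id performs the same isinteger test first.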
+@@ -72,6 +58,12 @@ hook_parse_cmdline() {
+ ;;
+ --id=*)
+ ID=$(cli_get_val "${1}")
++
++ # Validate VLAN ID
++ if ! vlan_valid_id "${ID}"; then
++ error "Invalid VLAN ID: ${ID}"
++ return ${EXIT_CONF_ERROR}
++ fi
+ ;;
+ --port=*)
+ PARENT_PORT=$(cli_get_val "${1}")
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,48 @@
+From 9532462fe04658d728ecbf263b586111f73fe2b2 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 13:16:47 +0200
+Subject: [PATCH 111/304] util: Add abort() which will stop the program
+ immediately
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.util | 17 +++++++++++++++--
+ 1 file changed, 15 insertions(+), 2 deletions(-)
+
+diff --git a/src/functions/functions.util b/src/functions/functions.util
+index 7379a98..39ad861 100644
+--- a/src/functions/functions.util
++++ b/src/functions/functions.util
+@@ -469,14 +469,27 @@ assert() {
+ local assertion="$@"
+
+ if ! ${assertion}; then
+- error_log "Assertion '${assertion}' failed."
+ backtrace
+- exit ${EXIT_ERROR_ASSERT}
++
++ # End the program here
++ abort "Assertion failed: ${assertion}"
+ fi
+
+ return ${EXIT_OK}
+ }
+
++# Ends the program immediately without cleaning up
++abort() {
++ local msg="$@"
++
++ # Print message
++ if isset msg; then
++ log ERROR "${msg}"
++ fi
++
++ exit ${EXIT_ERROR_ASSERT}
++}
++
+ # This function checks, if the given argument is an assert error
+ # exit code. If this is the case, the script will halt immediately.
+ assert_check_retval() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,139 @@
+From 2eb7011cb5447f9568c8136940f59a047e1b8dae Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 3 Jun 2019 13:17:06 +0200
+Subject: [PATCH 112/304] vlan: Add support for 802.1ad (QinQ)
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.vlan | 24 +++++++++++++++++++++++-
+ src/hooks/ports/vlan | 22 ++++++++++++++++++++--
+ 2 files changed, 43 insertions(+), 3 deletions(-)
+
+diff --git a/src/functions/functions.vlan b/src/functions/functions.vlan
+index ee2fb34..fbaa34f 100644
+--- a/src/functions/functions.vlan
++++ b/src/functions/functions.vlan
+@@ -22,6 +22,11 @@
+ PROC_NET_VLAN="/proc/net/vlan"
+ PROC_NET_VLAN_CONFIG="${PROC_NET_VLAN}/config"
+
++VLAN_SUPPORTED_PROTOCOLS=(
++ "802.1Q" # default
++ "802.1ad"
++)
++
+ VLAN_PORT_INTERFIX="v"
+
+ vlan_valid_id() {
+@@ -41,6 +46,13 @@ vlan_valid_id() {
+ return ${EXIT_FALSE}
+ }
+
++vlan_supported_protocol() {
++ local proto="${1}"
++ assert isset proto
++
++ list_match "${proto}" "${VLAN_SUPPORTED_PROTOCOLS[@]}"
++}
++
+ vlan_create() {
+ local device="${1}"
+ shift
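Review bot: vlan_supported_protocol asserts `isset proto`, and since patch 111 a failed assert ends the program through abort(). hook_parse_cmdline calls this function on the raw `--protocol=` value, so an empty value presumably stops the script with a backtrace instead of reaching the "Protocol '...' is not supported" message written for that case. Returning false keeps user input on the error path: `isset proto || return ${EXIT_FALSE}`. vlan_valid_id just above already follows that pattern by returning `${EXIT_FALSE}` for a non-integer.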
+@@ -50,6 +62,7 @@ vlan_create() {
+ local address
+ local id=1
+ local parent
++ local protocol="${VLAN_SUPPORTED_PROTOCOLS[0]}"
+
+ # Parse command line arguments
+ while [ $# -gt 0 ]; do
+@@ -63,6 +76,9 @@ vlan_create() {
+ --parent=*)
+ parent=$(cli_get_val "${1}")
+ ;;
++ --protocol=*)
++ protocol=$(cli_get_val "${1}")
++ ;;
+ *)
+ error "Unrecognized argument: ${1}"
+ return ${EXIT_ERROR}
+@@ -82,6 +98,12 @@ vlan_create() {
+ return ${EXIT_ERROR}
+ fi
+
++ # Check protocol
++ if ! vlan_supported_protocol "${protocol}"; then
++ log ERROR "Invalid protocol: ${protocol}"
++ return ${EXIT_ERROR}
++ fi
++
+ # Check VLAN ID
+ if ! vlan_valid_id "${id}"; then
+ log ERROR "Invalid VLAN ID: ${id}"
+@@ -103,7 +125,7 @@ vlan_create() {
+ # Make the command
+ local command=(
+ ip link add link "${parent}" name "${device}"
+- address "${address}" type vlan id "${id}"
++ address "${address}" type vlan proto "${protocol}" id "${id}"
+ )
+
+ # Run the command
+diff --git a/src/hooks/ports/vlan b/src/hooks/ports/vlan
+index 7f99dbc..af563ee 100644
+--- a/src/hooks/ports/vlan
++++ b/src/hooks/ports/vlan
+@@ -25,14 +25,21 @@ HOOK_SETTINGS=(
+ "ADDRESS"
+ "ID"
+ "PARENT_PORT"
++ "PROTOCOL"
+ )
+
++# Set the default to 802.1Q
++DEFAULT_PROTOCOL="${VLAN_SUPPORTED_PROTOCOLS[0]}"
++
+ PORT_PARENTS_VAR="PARENT_PORT"
+
+ hook_check_settings() {
+ assert ismac ADDRESS
+ assert isset PARENT_PORT
+
++ assert isset PROTOCOL
++ assert vlan_supported_protocol "${PROTOCOL}"
++
+ assert isinteger ID
+ assert vlan_valid_id "${ID}"
+ }
+@@ -74,6 +81,16 @@ hook_parse_cmdline() {
+ return ${EXIT_CONF_ERROR}
+ fi
+ ;;
++ --protocol=*)
++ PROTOCOL="$(cli_get_val "${1}")"
++
++ # Check if PROTOCOL is supported
++ if ! vlan_supported_protocol "${PROTOCOL}"; then
++ error "Protocol '${PROTOCOL}' is not supported"
++ error "Choose one of ${VLAN_SUPPORTED_PROTOCOLS[*]}"
++ return ${EXIT_CONF_ERROR}
++ fi
++ ;;
+ *)
+ error "Unknown argument '${1}'"
+ return ${EXIT_CONF_ERROR}
+@@ -114,8 +131,9 @@ hook_create() {
+ # Create the VLAN device
+ if ! vlan_create "${port}" \
+ --address="${ADDRESS}" \
+- --id="${id}" \
+- --parent="${PARENT_PORT}"; then
++ --id="${ID}" \
++ --parent="${PARENT_PORT}" \
++ --protocol="${PROTOCOL}"; then
+ error "Could not create port: ${port}"
+ return ${EXIT_ERROR}
+ fi
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,57 @@
+From ecc7067479d165f4178f04248d86898cf50e3d95 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 20 Jun 2019 23:09:01 +0200
+Subject: [PATCH 113/304] Do not try to start Bird during boot process
+
+We should not do this in the network script and let just
+systemd take care of this. Otherwise we would end up in
+an infinite loop during the boot process.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.bird | 14 --------------
+ src/network | 3 ---
+ 2 files changed, 17 deletions(-)
+
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+index 1bbac8c..55d43b5 100644
+--- a/src/functions/functions.bird
++++ b/src/functions/functions.bird
+@@ -33,20 +33,6 @@ bird_reload() {
+ service_reload "bird.service"
+ }
+
+-bird_enable() {
+- # Generate configuration file
+- if ! bird_generate_config; then
+- log ERROR "Could not write Bird configuration"
+- return ${EXIT_ERROR}
+- fi
+-
+- # Enable the service to be automatically started next time
+- service_enable "bird.service"
+-
+- # Start it now
+- bird_start
+-}
+-
+ # Update configuration any apply it in one go
+ bird_update() {
+ if ! bird_generate_config; then
+diff --git a/src/network b/src/network
+index be06d8a..30f87a0 100644
+--- a/src/network
++++ b/src/network
+@@ -1381,9 +1381,6 @@ case "${action}" in
+ # Update resolv.conf(5) when initializing the network
+ dns_generate_resolvconf
+
+- # Make sure bird is running
+- bird_enable
+-
+ # Also execute all triggers
+ triggers_execute_all "init"
+ ;;
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,27 @@
+From 9665b7963d263fd83ac132a84a3809fc6a03287a Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 21 Jun 2019 06:30:44 +0100
+Subject: [PATCH 114/304] configure: Break when asciidoc cannot be found
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ configure.ac | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/configure.ac b/configure.ac
+index 117850f..340cfd6 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -144,6 +144,9 @@ PKG_CHECK_MODULES([LIBNL], [libnl-3.0 libnl-genl-3.0])
+ # ------------------------------------------------------------------------------
+
+ AC_CHECK_PROGS(ASCIIDOC, [asciidoc])
++if test -z "${ASCIIDOC}"; then
++ AC_MSG_ERROR([Required program 'asciidoc' not found])
++fi
+
+ # ------------------------------------------------------------------------------
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,29 @@
+From f1081966991d55ccd182b45f58fc0fde31437f77 Mon Sep 17 00:00:00 2001
+From: Stefan Schantl <stefan.schantl@ipfire.org>
+Date: Sat, 22 Jun 2019 09:52:37 +0000
+Subject: [PATCH 115/304] Fix creating new configs
+
+The id argument was missing for the zone_config_settings_write.
+
+Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org>
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/header-config | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/header-config b/src/header-config
+index c6a775c..ed647cd 100644
+--- a/src/header-config
++++ b/src/header-config
+@@ -45,7 +45,7 @@ hook_new() {
+ fi
+
+ # Write configuration to disk
+- if ! zone_config_settings_write "${zone}" "${HOOK}"; then
++ if ! zone_config_settings_write "${zone}" "${HOOK}" "${id}"; then
+ return ${EXIT_ERROR}
+ fi
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,30 @@
+From d07532fad069c51d188ba7b93539488499d5dbf9 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 13:31:03 +0000
+Subject: [PATCH 116/304] inetcalc: Fix compiler warnings
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/inetcalc.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/inetcalc.c b/src/inetcalc.c
+index 1841c84..7c072e9 100644
+--- a/src/inetcalc.c
++++ b/src/inetcalc.c
+@@ -134,9 +134,9 @@ static int default_prefix(const int family) {
+ static int ip_address_parse_simple(ip_address_t* ip, const int family, const char* address) {
+ assert(family == AF_INET || family == AF_INET6);
+
+- size_t address_length = strlen(address);
+- char buffer[address_length + 1];
+- strncpy(buffer, address, sizeof(buffer));
++ // Copy input to stack
++ char buffer[512];
++ strncpy(buffer, address, sizeof(buffer) - 1);
+
+ // Search for a prefix or subnet mask
+ char* prefix = strchr(buffer, '/');
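Review bot: `buffer` is not guaranteed to be NUL-terminated. `strncpy(buffer, address, sizeof(buffer) - 1)` writes at most 511 bytes and never touches `buffer[511]`, which is uninitialised stack memory, so for an `address` of 511 characters or more the `strchr` on the next line reads past the copied data. Terminate explicitly with `buffer[sizeof(buffer) - 1] = '\0';` after the copy, or declare `char buffer[512] = "";`. Input longer than the buffer is also silently truncated and then parsed; rejecting it would be safer, though the function's error convention lies outside this hunk, as does the rest of ip_address_parse_simple.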
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,70 @@
+From 0c5d22de5c22c9264dcb839df72440a1d11faa0c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 21 Jun 2019 06:34:23 +0100
+Subject: [PATCH 117/304] firewall: Drop separate scripts for IPv6 and IPv4
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 3 +--
+ src/{firewall6 => firewall} | 0
+ src/firewall4 | 29 -----------------------------
+ 3 files changed, 1 insertion(+), 31 deletions(-)
+ rename src/{firewall6 => firewall} (100%)
+ delete mode 100644 src/firewall4
+
+diff --git a/Makefile.am b/Makefile.am
+index 4c26a9d..a36a4ab 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -115,8 +115,7 @@ dist_doc_DATA = \
+ dist_sbin_SCRIPTS = \
+ src/dhclient-script \
+ src/firewall-config \
+- src/firewall4 \
+- src/firewall6 \
++ src/firewall \
+ src/network
+
+ network_DATA = \
+diff --git a/src/firewall6 b/src/firewall
+similarity index 100%
+rename from src/firewall6
+rename to src/firewall
+diff --git a/src/firewall4 b/src/firewall4
+deleted file mode 100644
+index 55eed2c..0000000
+--- a/src/firewall4
++++ /dev/null
+@@ -1,29 +0,0 @@
+-#!/bin/bash
+-###############################################################################
+-# #
+-# IPFire.org - A linux based firewall #
+-# Copyright (C) 2012 IPFire Network Development Team #
+-# #
+-# This program is free software: you can redistribute it and/or modify #
+-# it under the terms of the GNU General Public License as published by #
+-# the Free Software Foundation, either version 3 of the License, or #
+-# (at your option) any later version. #
+-# #
+-# This program is distributed in the hope that it will be useful, #
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+-# GNU General Public License for more details. #
+-# #
+-# You should have received a copy of the GNU General Public License #
+-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+-# #
+-###############################################################################
+-
+-. /usr/lib/network/functions
+-
+-# Read firewall settings
+-firewall_settings_read
+-
+-firewall_cli "ipv4" "$@"
+-
+-exit ${EXIT_ERROR}
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,76 @@
+From 67131768c979c66ad3717e46cb81a068b14eafee Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 13:43:04 +0000
+Subject: [PATCH 118/304] systemd: Remove double firewall scripts
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 3 +--
+ .../{firewall4.service.in => firewall.service} | 6 +++---
+ src/systemd/firewall6.service.in | 14 --------------
+ 3 files changed, 4 insertions(+), 19 deletions(-)
+ rename src/systemd/{firewall4.service.in => firewall.service} (62%)
+ delete mode 100644 src/systemd/firewall6.service.in
+
+diff --git a/Makefile.am b/Makefile.am
+index a36a4ab..81cf50d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -363,8 +363,7 @@ UNINSTALL_EXEC_HOOKS += ppp-uninstall-hook
+
+ if HAVE_SYSTEMD
+ systemdsystemunit_DATA = \
+- src/systemd/firewall4.service \
+- src/systemd/firewall6.service \
++ src/systemd/firewall.service \
+ src/systemd/firewall-init.service \
+ src/systemd/network-init.service \
+ src/systemd/network@.service
+diff --git a/src/systemd/firewall4.service.in b/src/systemd/firewall.service
+similarity index 62%
+rename from src/systemd/firewall4.service.in
+rename to src/systemd/firewall.service
+index 568f5e7..34797e5 100644
+--- a/src/systemd/firewall4.service.in
++++ b/src/systemd/firewall.service
+@@ -1,5 +1,5 @@
+ [Unit]
+-Description=Firewall for IPv4
++Description=Firewall for IPFire
+ After=firewall-init.service
+ Before=network.target
+ Requires=firewall-init.service
+@@ -7,8 +7,8 @@ Requires=firewall-init.service
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=@sbindir@/firewall4 start
+-ExecStop=@sbindir@/firewall4 stop
++ExecStart=@sbindir@/firewall start
++ExecStop=@sbindir@/firewall stop
+
+ [Install]
+ WantedBy=multi-user.target
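Review bot: The unit is renamed from `firewall4.service.in` to `firewall.service`, dropping the `.in` suffix, yet `ExecStart=` and `ExecStop=` still contain the `@sbindir@` placeholder. If the build only substitutes placeholders when generating a `.service` from a `.service.in` template (the rule is not visible here), this file would be installed verbatim. systemd would then be given the literal path `@sbindir@/firewall`, so the firewall unit would fail to start. Keeping the template name `src/systemd/firewall.service.in`, as patch 120 does for `firewall-init.service.in`, avoids that.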
+diff --git a/src/systemd/firewall6.service.in b/src/systemd/firewall6.service.in
+deleted file mode 100644
+index 873bfe6..0000000
+--- a/src/systemd/firewall6.service.in
++++ /dev/null
+@@ -1,14 +0,0 @@
+-[Unit]
+-Description=Firewall for IPv6
+-After=firewall-init.service
+-Before=network.target
+-Requires=firewall-init.service
+-
+-[Service]
+-Type=oneshot
+-RemainAfterExit=yes
+-ExecStart=@sbindir@/firewall6 start
+-ExecStop=@sbindir@/firewall6 stop
+-
+-[Install]
+-WantedBy=multi-user.target
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,54 @@
+From 3e446cf0bff8c1dc409479bf02b0fc8912847c13 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 13:50:00 +0000
+Subject: [PATCH 119/304] firewall: Add init action to main script
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/firewall | 26 +++++++++++++++++++++++++-
+ 1 file changed, 25 insertions(+), 1 deletion(-)
+
+diff --git a/src/firewall b/src/firewall
+index db7284c..c47ac61 100644
+--- a/src/firewall
++++ b/src/firewall
+@@ -19,11 +19,35 @@
+ # #
+ ###############################################################################
+
++# Parse the command line
++while [ $# -gt 0 ]; do
++ case "${1}" in
++ -d|--debug)
++ DEBUG=1
++ ;;
++ *)
++ action=${1}
++ ;;
++ esac
++ shift
++ [ -n "${action}" ] && break
++done
++
+ . /usr/lib/network/functions
+
+ # Read firewall settings
+ firewall_settings_read
+
+-firewall_cli "ipv6" "$@"
++case "${action}" in
++ # Initialise kernel with firewall settings
++ init)
++ firewall_kernel_init
++ exit $?
++ ;;
++
++ *)
++ firewall_cli "ipv6" "${action}" "$@"
++ ;;
++esac
+
+ exit ${EXIT_ERROR}
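Review bot: The fall-through branch still calls `firewall_cli "ipv6" "${action}" "$@"`, although patch 117 removed src/firewall4, the only visible script that passed "ipv4". Whether firewall_cli now covers both address families regardless of its first argument cannot be seen here. If it does, drop the argument or say so in a comment above the call; if it does not, nothing visible in this series still requests the IPv4 ruleset. Separately, `action` is never initialised before the parsing loop, so a value inherited from the environment makes `[ -n "${action}" ] && break` fire on the first argument; adding `action=""` before the `while` closes that.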
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,79 @@
+From 19b14da45fb83638878b14e77303194733679bc1 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 13:52:09 +0000
+Subject: [PATCH 120/304] firewall: Drop initialisation helper script
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 -
+ src/helpers/firewall-kernel-init | 30 ----------------------------
+ src/systemd/firewall-init.service.in | 4 ++--
+ 3 files changed, 2 insertions(+), 33 deletions(-)
+ delete mode 100644 src/helpers/firewall-kernel-init
+
+diff --git a/Makefile.am b/Makefile.am
+index 81cf50d..0974ba8 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -206,7 +206,6 @@ dist_network_SCRIPTS = \
+
+ dist_helpers_SCRIPTS = \
+ src/helpers/dhcpd-config-helper \
+- src/helpers/firewall-kernel-init \
+ src/helpers/hostapd-config-helper \
+ src/helpers/ipsec-updown \
+ src/helpers/pppd-angel \
+diff --git a/src/helpers/firewall-kernel-init b/src/helpers/firewall-kernel-init
+deleted file mode 100644
+index aea82c4..0000000
+--- a/src/helpers/firewall-kernel-init
++++ /dev/null
+@@ -1,30 +0,0 @@
+-#!/bin/bash
+-###############################################################################
+-# #
+-# IPFire.org - A linux based firewall #
+-# Copyright (C) 2012 IPFire Network Development Team #
+-# #
+-# This program is free software: you can redistribute it and/or modify #
+-# it under the terms of the GNU General Public License as published by #
+-# the Free Software Foundation, either version 3 of the License, or #
+-# (at your option) any later version. #
+-# #
+-# This program is distributed in the hope that it will be useful, #
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+-# GNU General Public License for more details. #
+-# #
+-# You should have received a copy of the GNU General Public License #
+-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+-# #
+-###############################################################################
+-
+-. /usr/lib/network/functions
+-
+-# Read firewall settings
+-firewall_setttings_read
+-
+-# Initialize kernel parameters for the firewall.
+-firewall_kernel_init
+-
+-exit ${EXIT_OK}
+diff --git a/src/systemd/firewall-init.service.in b/src/systemd/firewall-init.service.in
+index 24497e9..91dd058 100644
+--- a/src/systemd/firewall-init.service.in
++++ b/src/systemd/firewall-init.service.in
+@@ -1,8 +1,8 @@
+ [Unit]
+-Description=Initialize kernel parameters for the firewalls
++Description=Initialize kernel parameters for the firewall
+ Before=network.target
+
+ [Service]
+ Type=oneshot
+ RemainAfterExit=yes
+-ExecStart=@helpersdir@/firewall-kernel-init
++ExecStart=@sbindir@/firewall init
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,28 @@
+From 70c56486267789a3767e22833548694a9b69e1b8 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 13:55:00 +0000
+Subject: [PATCH 121/304] Revert "firewall: Disable PMTU by default"
+
+This reverts commit b3a66a5c00bc4e39ce0db34e2ac96c4911b4e31a.
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.constants-firewall | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.constants-firewall b/src/functions/functions.constants-firewall
+index 4f7f503..d42189a 100644
+--- a/src/functions/functions.constants-firewall
++++ b/src/functions/functions.constants-firewall
+@@ -78,7 +78,7 @@ FIREWALL_USE_ECN="true"
+ FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
+
+ # Path MTU discovery
+-FIREWALL_PMTU_DISCOVERY="false"
++FIREWALL_PMTU_DISCOVERY="true"
+ FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_PMTU_DISCOVERY"
+
+ # Default TTL
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,147 @@
+From c69adafd8ad8abf4f14b6fe110bbd8efb5eca596 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 14:11:15 +0000
+Subject: [PATCH 122/304] firewall: Fix reading/writing settings
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.constants-firewall | 40 ++++++++++++----------
+ src/functions/functions.settings | 6 ++--
+ 2 files changed, 25 insertions(+), 21 deletions(-)
+
+diff --git a/src/functions/functions.constants-firewall b/src/functions/functions.constants-firewall
+index d42189a..2ca9390 100644
+--- a/src/functions/functions.constants-firewall
++++ b/src/functions/functions.constants-firewall
+@@ -19,6 +19,10 @@
+ # #
+ ###############################################################################
+
++# Firewall file configuration
++FIREWALL_SETTINGS_DIR="/etc/firewall"
++FIREWALL_SETTINGS_FILE="${FIREWALL_SETTINGS_DIR}/settings"
++
+ # This variable is used to point to a directory
+ # in which the iptables ruleset will be generated.
+ IPTABLES_TMPDIR=
+@@ -32,78 +36,78 @@ FIREWALL_MACROS_DIRS="${FIREWALL_CONFIG_DIR}/macros"
+ FIREWALL_MACROS_DIRS="${FIREWALL_MACROS_DIRS} /usr/share/firewall/macros"
+
+ # List of parameters which are saved in the configuration file.
+-FIREWALL_CONFIG_PARAMS=""
++FIREWALL_SETTINGS=( "DEBUG" )
+
+ # Valid arguments in the rules file.
+ FIREWALL_RULES_CONFIG_PARAMS="src dst proto action sport dport in out"
+
+ # Define the default logging method (nflog or syslog).
+ FIREWALL_LOG_METHOD="nflog"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_METHOD"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_METHOD" )
+
+ # Set the default threshold for the nflog method.
+ FIREWALL_NFLOG_THRESHOLD=30
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_NFLOG_THRESHOLD"
++FIREWALL_SETTINGS+=( "FIREWALL_NFLOG_THRESHOLD" )
+
+ # Enable clamping MSS for braindead ISPs which filter ICMP packets.
+ FIREWALL_CLAMP_PATH_MTU="false"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_CLAMP_PATH_MTU"
++FIREWALL_SETTINGS+=( "FIREWALL_CLAMP_PATH_MTU" )
+
+ # Conntrack: Max. amount of simultaneous connections.
+ CONNTRACK_MAX_CONNECTIONS="16384"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} CONNTRACK_MAX_CONNECTIONS"
++FIREWALL_SETTINGS+=( "CONNTRACK_MAX_CONNECTIONS" )
+
+ # Conntrack: UDP timeout
+ CONNTRACK_UDP_TIMEOUT="60"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} CONNTRACK_UDP_TIMEOUT"
++FIREWALL_SETTINGS+=( "CONNTRACK_UDP_TIMEOUT" )
+
+ # Use SYN cookies or not
+ FIREWALL_SYN_COOKIES="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_SYN_COOKIES"
++FIREWALL_SETTINGS+=( "FIREWALL_SYN_COOKIES" )
+
+ # rp_filter
+ FIREWALL_RP_FILTER="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_RP_FILTER"
++FIREWALL_SETTINGS+=( "FIREWALL_RP_FILTER" )
+
+ # Log martians
+ FIREWALL_LOG_MARTIANS="false"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_MARTIANS"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_MARTIANS" )
+
+ # Accept ICMP redirects
+ FIREWALL_ACCEPT_ICMP_REDIRECTS="false"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_ACCEPT_ICMP_REDIRECTS"
++FIREWALL_SETTINGS+=( "FIREWALL_ACCEPT_ICMP_REDIRECTS" )
+
+ # ECN (Explicit Congestion Notification)
+ FIREWALL_USE_ECN="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_USE_ECN"
++FIREWALL_SETTINGS+=( "FIREWALL_USE_ECN" )
+
+ # Path MTU discovery
+ FIREWALL_PMTU_DISCOVERY="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_PMTU_DISCOVERY"
++FIREWALL_SETTINGS+=( "FIREWALL_PMTU_DISCOVERY" )
+
+ # Default TTL
+ FIREWALL_DEFAULT_TTL="64"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_DEFAULT_TTL"
++FIREWALL_SETTINGS+=( "FIREWALL_DEFAULT_TTL" )
+
+ # Log stealth scans
+ FIREWALL_LOG_STEALTH_SCANS="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_STEALTH_SCANS"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_STEALTH_SCANS" )
+
+ # Log packets with bad TCP flags
+ FIREWALL_LOG_BAD_TCP_FLAGS="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_BAD_TCP_FLAGS"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_BAD_TCP_FLAGS" )
+
+ # Log INVALID TCP packets
+ FIREWALL_LOG_INVALID_TCP="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_TCP"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_INVALID_TCP" )
+
+ # Log INVALID UDP packets
+ FIREWALL_LOG_INVALID_UDP="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_UDP"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_INVALID_UDP" )
+
+ # Log INVALID ICMP packets
+ FIREWALL_LOG_INVALID_ICMP="true"
+-FIREWALL_CONFIG_PARAMS="${FIREWALL_CONFIG_PARAMS} FIREWALL_LOG_INVALID_ICMP"
++FIREWALL_SETTINGS+=( "FIREWALL_LOG_INVALID_ICMP" )
+
+ FIREWALL_SUPPORTED_PROTOCOLS="tcp udp icmp igmp esp ah gre"
+ FIREWALL_PROTOCOLS_SUPPORTING_PORTS="tcp udp"
+diff --git a/src/functions/functions.settings b/src/functions/functions.settings
+index 69f4c23..5728e72 100644
+--- a/src/functions/functions.settings
++++ b/src/functions/functions.settings
+@@ -297,13 +297,13 @@ network_settings_list() {
+ }
+
+ firewall_settings_read() {
+- settings_read "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS_PARAMS}"
++ settings_read "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS[*]}"
+ }
+
+ firewall_settings_write() {
+- settings_write "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS_PARAMS}"
++ settings_write "${FIREWALL_SETTINGS_FILE}" "${FIREWALL_SETTINGS[*]}"
+ }
+
+ firewall_settings_print() {
+- settings_print "${FIREWALL_SETTINGS_PARAMS}"
++ settings_print "${FIREWALL_SETTINGS[*]}"
+ }
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,80 @@
+From 12c8f41a0791a517d5cc7cd30bd566896891f092 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sat, 22 Jun 2019 14:16:07 +0000
+Subject: [PATCH 123/304] firewall: Drop firewall-config command in favour of
+ "firewall settings"
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 -
+ src/firewall | 5 +++++
+ src/firewall-config | 29 -----------------------------
+ 3 files changed, 5 insertions(+), 30 deletions(-)
+ delete mode 100644 src/firewall-config
+
+diff --git a/Makefile.am b/Makefile.am
+index 0974ba8..4fe5068 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -114,7 +114,6 @@ dist_doc_DATA = \
+
+ dist_sbin_SCRIPTS = \
+ src/dhclient-script \
+- src/firewall-config \
+ src/firewall \
+ src/network
+
+diff --git a/src/firewall b/src/firewall
+index c47ac61..569f413 100644
+--- a/src/firewall
++++ b/src/firewall
+@@ -45,6 +45,11 @@ case "${action}" in
+ exit $?
+ ;;
+
++ settings)
++ firewall_cli_settings "$@"
++ exit $?
++ ;;
++
+ *)
+ firewall_cli "ipv6" "${action}" "$@"
+ ;;
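Review bot: The new `settings)` branch calls `firewall_cli_settings "$@"` without the `firewall_settings_read` call that the removed src/firewall-config wrapper made first. The start of src/firewall is outside this hunk, so it cannot be confirmed here that the settings are already loaded before the `case`; if they are not, the command would presumably operate on the built-in defaults instead of the stored values. Either call `firewall_settings_read` in the branch, or add a comment such as `# Settings have been loaded above by firewall_settings_read` so the dependency stays visible.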
+diff --git a/src/firewall-config b/src/firewall-config
+deleted file mode 100644
+index 53ec175..0000000
+--- a/src/firewall-config
++++ /dev/null
+@@ -1,29 +0,0 @@
+-#!/bin/bash
+-###############################################################################
+-# #
+-# IPFire.org - A linux based firewall #
+-# Copyright (C) 2012 IPFire Network Development Team #
+-# #
+-# This program is free software: you can redistribute it and/or modify #
+-# it under the terms of the GNU General Public License as published by #
+-# the Free Software Foundation, either version 3 of the License, or #
+-# (at your option) any later version. #
+-# #
+-# This program is distributed in the hope that it will be useful, #
+-# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+-# GNU General Public License for more details. #
+-# #
+-# You should have received a copy of the GNU General Public License #
+-# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+-# #
+-###############################################################################
+-
+-. /usr/lib/network/functions
+-
+-# Read firewall settings
+-firewall_settings_read
+-
+-firewall_cli_settings "$@"
+-
+-exit ${EXIT_ERROR}
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,30 @@
+From 038a7f3628f6b7648f89bb3ef6813e757fed6fec Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 23 Jun 2019 10:30:17 +0000
+Subject: [PATCH 124/304] wireless: Do not attempt DFS when reg domain is set
+ to world
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.wireless | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/src/functions/functions.wireless b/src/functions/functions.wireless
+index 733a356..860b2dd 100644
+--- a/src/functions/functions.wireless
++++ b/src/functions/functions.wireless
+@@ -555,6 +555,11 @@ wireless_supports_dfs() {
+ local device="${1}"
+ assert isset device
+
++ # DFS is not supported if wireless reg domain is set to world
++ if [ -n "${WIRELESS_REGULATORY_DOMAIN}" ] || [ "${WIRELESS_REGULATORY_DOMAIN}" = "00" ]; then
++ return ${EXIT_FALSE}
++ fi
++
+ local phy="$(device_get_phy "${device}")"
+ if ! isset phy; then
+ log ERROR "Could not determine PHY for ${device}"
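Review bot: The first test of the added guard in wireless_supports_dfs uses `-n`, so the function returns `${EXIT_FALSE}` whenever WIRELESS_REGULATORY_DOMAIN is set to anything, not only to the world domain described in the comment. An empty value, which presumably also means "world", falls through to the PHY check instead. The condition was presumably meant to be `if [ -z "${WIRELESS_REGULATORY_DOMAIN}" ] || [ "${WIRELESS_REGULATORY_DOMAIN}" = "00" ]; then`. The rest of the function is outside the hunk.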
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,42 @@
+From 0d99f882ea0f8c4b1c55f7107067a0cb35fedfb3 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 23 Jun 2019 10:33:48 +0000
+Subject: [PATCH 125/304] bird: Start service when needed and not already
+ running
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/functions/functions.bird | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/functions/functions.bird b/src/functions/functions.bird
+index 55d43b5..cbcb6e2 100644
+--- a/src/functions/functions.bird
++++ b/src/functions/functions.bird
+@@ -21,6 +21,10 @@
+
+ BIRD_CONF="/etc/bird.conf"
+
++bird_is_active() {
++ service_is_active "bird.service"
++}
++
+ bird_start() {
+ service_start "bird.service"
+ }
+@@ -41,7 +45,11 @@ bird_update() {
+ fi
+
+ # Reload bird
+- bird_reload
++ if bird_is_active; then
++ bird_reload
++ else
++ bird_start
++ fi
+ }
+
+ bird_generate_config() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,60 @@
+From 9515b03940a0fac2db3fff105638f49a53f85e7d Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 23 Jun 2019 11:57:17 +0000
+Subject: [PATCH 126/304] ip-tunnel: Support setting MTU on tunnels
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ src/hooks/zones/ip-tunnel | 15 +++++++++++++++
+ 1 file changed, 15 insertions(+)
+
+diff --git a/src/hooks/zones/ip-tunnel b/src/hooks/zones/ip-tunnel
+index c4a4fb4..3c885cb 100644
+--- a/src/hooks/zones/ip-tunnel
++++ b/src/hooks/zones/ip-tunnel
+@@ -26,6 +26,7 @@ SUPPORTED_IP_TUNNEL_MODES="gre sit vti"
+ HOOK_SETTINGS=(
+ "MARK"
+ "MODE"
++ "MTU"
+ "PEER"
+ "LOCAL_ADDRESS"
+ )
+@@ -33,6 +34,9 @@ HOOK_SETTINGS=(
+ # Default mode of the tunnel
+ DEFAULT_MODE="gre"
+
++# Default MTU
++DEFAULT_MTU="1480"
++
+ hook_check_settings() {
+ assert isset MODE && assert isoneof MODE ${SUPPORTED_IP_TUNNEL_MODES}
+
+@@ -67,6 +71,16 @@ hook_parse_cmdline() {
+ fi
+ ;;
+
++ --mtu=*)
++ MTU="$(cli_get_val "${1}")"
++
++ # Validate MTU
++ if ! mtu_is_valid "ipv6" "${MTU}"; then
++ error "Invalid MTU: ${MTU}"
++ return ${EXIT_ERROR}
++ fi
++ ;;
++
+ --peer=*)
+ PEER="$(cli_get_val "${1}")"
+ ;;
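Review bot: MTU is validated only on this command-line path; the hunk that touches hook_check_settings adds no matching assertion, so a value loaded from the zone's stored settings reaches `ip_tunnel_add --mtu="${MTU}"` in hook_up unchecked. A zone saved before this change has no MTU at all, and nothing visible here shows DEFAULT_MTU being applied in that case, so `--mtu=` may be passed empty. Consider adding `assert mtu_is_valid "ipv6" "${MTU}"` to hook_check_settings, assuming `assert` accepts a command as it does for `isoneof`. Both hook_parse_cmdline and hook_check_settings continue outside their hunks.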
+@@ -116,6 +130,7 @@ hook_up() {
+ if ! device_exists "${zone}"; then
+ ip_tunnel_add "${zone}" \
+ --mode="${MODE}" \
++ --mtu="${MTU}" \
+ --remote-address="${PEER}" \
+ --local-address="${LOCAL_ADDRESS}" \
+ --ikey="${MARK}" \
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,33 @@
+From b41f1f866ef816e6ea7dd9e23e11e36a588ed611 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 23 Jun 2019 15:37:41 +0000
+Subject: [PATCH 127/304] firewall: Fix generating systemd file
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 3 +--
+ src/systemd/{firewall.service => firewall.service.in} | 0
+ 2 files changed, 1 insertion(+), 2 deletions(-)
+ rename src/systemd/{firewall.service => firewall.service.in} (100%)
+
+diff --git a/Makefile.am b/Makefile.am
+index 4fe5068..78da25f 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -374,8 +374,7 @@ INSTALL_DIRS += \
+ endif
+
+ EXTRA_DIST += \
+- src/systemd/firewall4.service.in \
+- src/systemd/firewall6.service.in \
++ src/systemd/firewall.service.in \
+ src/systemd/firewall-init.service.in \
+ src/systemd/network-init.service.in \
+ src/systemd/network@.service.in
+diff --git a/src/systemd/firewall.service b/src/systemd/firewall.service.in
+similarity index 100%
+rename from src/systemd/firewall.service
+rename to src/systemd/firewall.service.in
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,69 @@
+From dbe28a055de31302f0b8101e4e294394c6c2b63c Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Fri, 21 Jun 2019 14:37:03 +0100
+Subject: [PATCH 128/304] Make generating man-pages optional
+
+Fixes: #11862
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 4 +++-
+ configure.ac | 12 +++++++++++-
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 78da25f..b6ba5ac 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -480,11 +480,13 @@ MANPAGES_XML = $(patsubst %.txt,%.xml,$(MANPAGES_TXT))
+ .PHONY: man
+ man: $(MANPAGES) $(MANPAGES_HTML)
+
++if ENABLE_MANPAGES
+ man_MANS = \
+ $(MANPAGES)
++endif
+
+ CLEANFILES += \
+- $(man_MANS) \
++ $(MANPAGES) \
+ $(MANPAGES_HTML) \
+ $(MANPAGES_XML)
+
+diff --git a/configure.ac b/configure.ac
+index 340cfd6..37c17e3 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -123,6 +123,14 @@ AS_IF([test "x$enable_debug" = "xyes"], [
+ AC_DEFINE(ENABLE_DEBUG, [1], [Debug messages.])
+ ])
+
++# ------------------------------------------------------------------------------
++
++have_manpages=no
++AC_ARG_ENABLE(manpages, AS_HELP_STRING([--disable-man-pages],
++ [do not install man pages]))
++AS_IF([test "x$enable_manpages" != xno], [have_manpages=yes])
++AM_CONDITIONAL(ENABLE_MANPAGES, [test "x$have_manpages" = "xyes"])
++
+ # ------------------------------------------------------------------------------
+ AC_ARG_WITH([systemdsystemunitdir],
+ AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]),
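Review bot: The help text advertises `--disable-man-pages`, but the option is registered as `manpages` and the test reads `$enable_manpages`, so only `--disable-manpages` has any effect. A user following the help output sets a different variable and man pages stay enabled, along with the hard asciidoc requirement. Align the help string with the option name: `AS_HELP_STRING([--disable-manpages], [do not install man pages])`. Quoting the first argument as `AC_ARG_ENABLE([manpages], ...` would also match the AC_ARG_WITH call that follows.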
+@@ -144,7 +152,7 @@ PKG_CHECK_MODULES([LIBNL], [libnl-3.0 libnl-genl-3.0])
+ # ------------------------------------------------------------------------------
+
+ AC_CHECK_PROGS(ASCIIDOC, [asciidoc])
+-if test -z "${ASCIIDOC}"; then
++if test "${have_manpages}" = "yes" && test -z "${ASCIIDOC}"; then
+ AC_MSG_ERROR([Required program 'asciidoc' not found])
+ fi
+
+@@ -167,4 +175,6 @@ AC_MSG_RESULT([
+
+ systemdsystemunitdir: $systemdsystemunitdir
+ udevdir: $udevdir
++
++ Generate man-pages: ${have_manpages}
+ ])
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,135 @@
+From 18bace574c15e966b8e3571cc00be287236162b5 Mon Sep 17 00:00:00 2001
+From: Jonatan Schlag <jonatan.schlag@ipfire.org>
+Date: Mon, 24 Jun 2019 13:30:14 +0200
+Subject: [PATCH 129/304] Add documentation for the IPsec VPN
+
+Signed-off-by: Jonatan Schlag <jonatan.schlag@ipfire.org>
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ man/network-vpn-ipsec.txt | 97 +++++++++++++++++++++++++++++++++++++++
+ man/network-vpn.txt | 5 ++
+ 2 files changed, 102 insertions(+)
+ create mode 100644 man/network-vpn-ipsec.txt
+
+diff --git a/man/network-vpn-ipsec.txt b/man/network-vpn-ipsec.txt
+new file mode 100644
+index 0000000..25347a8
+--- /dev/null
++++ b/man/network-vpn-ipsec.txt
+@@ -0,0 +1,97 @@
++= network-vpn-security-policies(8)
++
++== NAME
++network-ipsec - Configure IPsec VPN connections
++
++== SYNOPSIS
++[verse]
++'network vpn ipsec [new|destroy]' NAME...
++'network vpn ipsec' NAME COMMAND ...
++
++== DESCRIPTION
++With help of the 'vpn ipsec', it is possible to create, destroy
++and edit IPsec VPN connections.
++
++
++== COMMANDS
++The following commands are understood:
++
++'new NAME'::
++ A new IPsec VPN connection may be created with the 'new' command.
++ +
++ NAME does not allow any spaces.
++
++'destroy NAME'::
++ A IPsec VPN connection can be destroyed with this command.
++
++For all other commands, the name of the IPsec VPN connection needs to be passed first:
++
++'NAME show'::
++ Shows the configuration of the IPsec VPN connection
++
++'NAME authentication mode'::
++ Set the authentication mode out of the following available modes:
++ * psk
++
++'NAME authentication psk PSK'::
++ Set the pre-shared-key to PSK, only useful when the authentication mode is psk:
++
++include::include-color.txt[]
++
++include::include-description.txt[]
++
++'NAME down'::
++ Shutdown a etablished IPsec VPN connection
++
++'NAME inactivity-timeout TIME'::
++ Set the inactivity timeout with TIME in seconds or in the format hh:mm:ss
++
++'NAME local id ID'::
++ Specify the identity of the local system.
++ +
++ The ID must be in one of the following formats:
++ * IP address
++ * FQDN
++ * a string which starts with @
++
++'NAME local prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]'::
++ Specify the subnets of the local system which should be made available to the remote peer.
++
++'NAME mode [transport|tunnel]'::
++ Set the mode of the IPsec VPN connection.
++
++'NAME peer PEER'::
++ Set the peer to which the IPsec VPN connection should be etablished.
++
++'NAME remote id ID'::
++ Specify the identity of the remote machine.
++ +
++ The ID must be in one of the following formats:
++ * IP address
++ * FQDN
++ * A string which starts with @
++
++'NAME remote prefix [PREFIX-LIST|+PREFIX ...|-PREFIX ...]'::
++ Specify the subnets which the remote side makes available to us.
++
++'NAME security-policy'::
++ Set the security policy which the connection uses.
++ +
++ See link:network-vpn-security-policies[8] for details.
++
++'NAME up'::
++ Establishes the IPsec VPN connection to the remote peer.
++
++'NAME zone'::
++ When you specify a zone of type ip-tunnel here the IPsec connection is established over a vti tunnel.
++ The remote and local prefixes are ignored. Imagine a fiber connection between this two machines, and how you would use it.
++ The IPsec VPN connection works in the same way. You must configure routes and IP addresses of the ip-tunnel hook manually.
++
++
++== AUTHORS
++Michael Tremer,
++Jonatan Schlag
++
++== SEE ALSO
++link:network[8],
++link:network-vpn[8]
+diff --git a/man/network-vpn.txt b/man/network-vpn.txt
+index 5a905db..be33606 100644
+--- a/man/network-vpn.txt
++++ b/man/network-vpn.txt
+@@ -19,6 +19,11 @@ The following commands are understood:
+ +
+ See link:network-vpn-security-policies[8] for details.
+
++'ipsec' ...::
++ Use this command to manage ipsec vpn connections.
++ +
++ See link:network-vpn-ipsec[8] for details.
++
+ == AUTHORS
+ Michael Tremer
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,25 @@
+From 2612a6f4bb0bcc3e155425a653705146eb65d7cd Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Jun 2019 13:28:01 +0100
+Subject: [PATCH 130/304] Makefile: Add network-vpn-ipsec(8)
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/Makefile.am b/Makefile.am
+index b6ba5ac..a5ea123 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -460,6 +460,7 @@ MANPAGES = \
+ man/network-route-static.8 \
+ man/network-settings.8 \
+ man/network-vpn.8 \
++ man/network-vpn-ipsec.8 \
+ man/network-vpn-security-policies.8 \
+ man/network-zone.8 \
+ man/network-zone-bridge.8 \
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,23 @@
+From 2cb783babd59716366984c8908e70285f23347f3 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Mon, 24 Jun 2019 13:28:12 +0100
+Subject: [PATCH 131/304] security-policies: performance: Remove CBC ciphers
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ config/vpn/security-policies/performance | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
+index 9b8e943..b226d8d 100644
+--- a/config/vpn/security-policies/performance
++++ b/config/vpn/security-policies/performance
+@@ -1,4 +1,4 @@
+-CIPHERS="CHACHA20-POLY1305 AES128-GCM128 AES128-CBC"
++CIPHERS="CHACHA20-POLY1305 AES128-GCM128"
+ COMPRESSION="off"
+ GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
+ INTEGRITIES="SHA256"
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,65 @@
+From 27208caa363cad7c2250bdff5b99a9bc16a5ca91 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Wed, 2 Oct 2019 10:36:13 +0000
+Subject: [PATCH 132/304] IPsec: Add support for Curve448
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ config/vpn/security-policies/performance | 2 +-
+ config/vpn/security-policies/system | 2 +-
+ src/functions/functions.vpn-security-policies | 6 +++++-
+ 3 files changed, 7 insertions(+), 3 deletions(-)
+
+diff --git a/config/vpn/security-policies/performance b/config/vpn/security-policies/performance
+index b226d8d..209f43d 100644
+--- a/config/vpn/security-policies/performance
++++ b/config/vpn/security-policies/performance
+@@ -1,6 +1,6 @@
+ CIPHERS="CHACHA20-POLY1305 AES128-GCM128"
+ COMPRESSION="off"
+-GROUP_TYPES="ECP521 ECP384 ECP256 ECP224 ECP192 CURVE25519"
++GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192"
+ INTEGRITIES="SHA256"
+ PSEUDO_RANDOM_FUNCTIONS="SHA256"
+ KEY_EXCHANGE="ikev2"
+diff --git a/config/vpn/security-policies/system b/config/vpn/security-policies/system
+index db30e69..6ceb0c4 100644
+--- a/config/vpn/security-policies/system
++++ b/config/vpn/security-policies/system
+@@ -1,7 +1,7 @@
+ KEY_EXCHANGE="ikev2"
+ CIPHERS="CHACHA20-POLY1305 AES256-GCM128 AES256-CBC AES192-GCM128 AES192-CBC AES128-GCM128 AES128-CBC"
+ INTEGRITIES="SHA512 SHA384 SHA256"
+-GROUP_TYPES="CURVE25519 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
++GROUP_TYPES="CURVE25519 CURVE448 ECP521 ECP384 ECP256 ECP224 ECP192 MODP8192 MODP6144 MODP4096 MODP2048"
+ PSEUDO_RANDOM_FUNCTIONS="SHA512 SHA384 SHA256"
+ LIFETIME="28800"
+ PFS="on"
+diff --git a/src/functions/functions.vpn-security-policies b/src/functions/functions.vpn-security-policies
+index d1d720b..138e821 100644
+--- a/src/functions/functions.vpn-security-policies
++++ b/src/functions/functions.vpn-security-policies
+@@ -263,6 +263,9 @@ declare -A VPN_SUPPORTED_GROUP_TYPES=(
+
+ # Curve25519
+ [CURVE25519]="256 bit Elliptic Curve 25519"
++
++ # Curve448
++ [CURVE448]="224 bit Elliptic Curve 448"
+ )
+
+ declare -A GROUP_TYPE_TO_STRONGSWAN=(
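Review bot: The description added for CURVE448, `"224 bit Elliptic Curve 448"`, gives the curve's approximate security level, while the CURVE25519 entry directly above gives the key size (`256 bit`). The two labels are therefore not comparable, and the list makes Curve448 look like the weaker group. Use one convention for both, for example `[CURVE448]="448 bit Elliptic Curve 448"`. The array starts outside the hunk, so the wording of the other entries should be checked against the same convention.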
+@@ -289,8 +292,9 @@ declare -A GROUP_TYPE_TO_STRONGSWAN=(
+ [ECP384BP]="ecp384bp"
+ [ECP512BP]="ecp512bp"
+
+- # Curve25519
++ # More Curves
+ [CURVE25519]="curve25519"
++ [CURVE448]="curve448"
+ )
+
+ cli_vpn_security_policies() {
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,112 @@
+From ea4abb82bc6e613ddebd6235f792dd5bbbc469c9 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Thu, 7 May 2020 20:30:03 +0100
+Subject: [PATCH 133/304] Disable copybreak
+
+Some network interface drivers employ a scheme known as "copybreak"
+in which they make a copy of a received skb if the size of the
+buffer is below a particular threshold, then return the original
+receive skb back to the pool. Since these drivers initially
+allocate a buffer size that is larger than the largest possible
+packet, this scheme returns that large buffer to the pool quickly,
+and uses a smaller one.
+
+The primary benefit of copybreak is better memory utilization. On
+systems where the data is ultimately going to be copied out to user
+space, the copybreak scheme is "low cost" because it has the side
+benefit of priming the cache for that later copy. But on a router
+that only touches the header fields of a received packet, the cost
+can be relatively higher. And on modern systems the memory savings
+is rarely an important consideration.
+
+Some of the drivers that employ copybreak make the feature
+configurable via a module parameter. This file disables copybreak
+in some of those drivers. Generally this results in an improvement
+in forwarding performance for traffic using these drivers.
+
+Fixes: #11930
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
+---
+ Makefile.am | 6 +++++
+ src/modprobe.d/no-copybreak.conf | 44 ++++++++++++++++++++++++++++++++
+ 2 files changed, 50 insertions(+)
+ create mode 100644 src/modprobe.d/no-copybreak.conf
+
+diff --git a/Makefile.am b/Makefile.am
+index a5ea123..4aa7314 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -31,6 +31,7 @@ AUTOMAKE_OPTIONS = color-tests
+ configdir = $(sysconfdir)/network
+ bashcompletiondir= $(datadir)/bash-completion/completions
+ libexecdir = $(prefix)/lib
++modprobedir = $(prefix)/lib/modprobe.d
+ pkgconfigdir = $(libdir)/pkgconfig
+ pppdir = $(sysconfdir)/ppp
+ systemconfigdir = $(datadir)/network
+@@ -396,6 +397,11 @@ dist_sysctl_DATA = \
+
+ # ------------------------------------------------------------------------------
+
++dist_modprobe_DATA = \
++ src/modprobe.d/no-copybreak.conf
++
++# ------------------------------------------------------------------------------
++
+ dist_bashcompletion_SCRIPTS = \
+ src/bash-completion/network
+
+diff --git a/src/modprobe.d/no-copybreak.conf b/src/modprobe.d/no-copybreak.conf
+new file mode 100644
+index 0000000..97ea886
+--- /dev/null
++++ b/src/modprobe.d/no-copybreak.conf
+@@ -0,0 +1,44 @@
++#
++# Some network interface drivers employ a scheme known as "copybreak"
++# in which they make a copy of a received skb if the size of the
++# buffer is below a particular threshold, then return the original
++# receive skb back to the pool. Since these drivers initially
++# allocate a buffer size that is larger than the largest possible
++# packet, this scheme returns that large buffer to the pool quickly,
++# and uses a smaller one.
++#
++# The primary benefit of copybreak is better memory utilization. On
++# systems where the data is ultimately going to be copied out to user
++# space, the copybreak scheme is "low cost" because it has the side
++# benefit of priming the cache for that later copy. But on a router
++# that only touches the header fields of a received packet, the cost
++# can be relatively higher. And on modern systems the memory savings
++# is rarely an important consideration.
++#
++# Some of the drivers that employ copybreak make the feature
++# configurable via a module parameter. This file disables copybreak
++# in some of those drivers. Generally this results in an improvement
++# in forwarding performance for traffic using these drivers.
++#
++
++options 3c515 rx_copybreak=0
++options 3c59x rx_copybreak=0
++options bcm63xx copybreak=0
++options cxgb copybreak=0
++options e1000 copybreak=0
++options e1000e copybreak=0
++options epic100 rx_copybreak=0
++options fealnx rx_copybreak=0
++options hamachi rx_copybreak=0
++options ixgb copybreak=0
++options natsemi rx_copybreak=0
++options pch_gbe copybreak=0
++options pcnet32 rx_copybreak=0
++options sis190 rx_copybreak=0
++options sky2 copybreak=0
++options starfire rx_copybreak=0
++options sundance rx_copybreak=0
++options typhoon rx_copybreak=0
++options via-rhine rx_copybreak=0
++options via-velocity rx_copybreak=0
++options yellowfin rx_copybreak=0
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,25 @@
+From ed993fc9d436da0788eca6f80374c9cd85b8bb9b Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 22 Jan 2023 12:33:11 +0000
+Subject: [PATCH 134/304] configure: Check for libsystemd
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ configure.ac | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configure.ac b/configure.ac
+index 37c17e3..f3a9c17 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -148,6 +148,7 @@ AM_CONDITIONAL(HAVE_UDEV, [test -n "$with_udevdir"])
+ # ------------------------------------------------------------------------------
+
+ PKG_CHECK_MODULES([LIBNL], [libnl-3.0 libnl-genl-3.0])
++PKG_CHECK_MODULES([SYSTEMD], [libsystemd])
+
+ # ------------------------------------------------------------------------------
+
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,93 @@
+From 050f4ece8900b9212de57b3564381d82540323aa Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 22 Jan 2023 12:41:47 +0000
+Subject: [PATCH 135/304] Makefile: Add scaffolding for networkd
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ .gitignore | 1 +
+ Makefile.am | 18 ++++++++++++++++++
+ src/networkd/main.c | 23 +++++++++++++++++++++++
+ 3 files changed, 42 insertions(+)
+ create mode 100644 src/networkd/main.c
+
+diff --git a/.gitignore b/.gitignore
+index bb093d3..e3bae67 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -3,6 +3,7 @@
+ /config.*
+ /libtool
+ /missing
++/networkd
+ /src/functions/functions
+ /src/inetcalc
+ /src/libnetwork/libnetwork.pc
+diff --git a/Makefile.am b/Makefile.am
+index 4aa7314..64ad94d 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -61,6 +61,7 @@ INSTALL_DIRS =
+ INSTALL_EXEC_HOOKS =
+ UNINSTALL_EXEC_HOOKS =
+ noinst_DATA =
++sbin_PROGRAMS =
+
+ AM_CPPFLAGS = \
+ $(OUR_CPPFLAGS) \
+@@ -299,6 +300,23 @@ EXTRA_DIST += \
+
+ # ------------------------------------------------------------------------------
+
++sbin_PROGRAMS += \
++ networkd
++
++dist_networkd_SOURCES = \
++ src/networkd/main.c
++
++networkd_CPPFLAGS = \
++ $(AM_CPPFLAGS)
++
++networkd_CFLAGS = \
++ $(AM_CFLAGS)
++
++networkd_LDFLAGS = \
++ $(AM_LDFLAGS)
++
++# ------------------------------------------------------------------------------
++
+ util_PROGRAMS = \
+ src/utils/network-phy-list-channels \
+ src/utils/network-phy-list-ciphers \
+diff --git a/src/networkd/main.c b/src/networkd/main.c
+new file mode 100644
+index 0000000..14aafdd
+--- /dev/null
++++ b/src/networkd/main.c
+@@ -0,0 +1,23 @@
++/*#############################################################################
++# #
++# IPFire.org - A linux based firewall #
++# Copyright (C) 2023 IPFire Network Development Team #
++# #
++# This program is free software: you can redistribute it and/or modify #
++# it under the terms of the GNU General Public License as published by #
++# the Free Software Foundation, either version 3 of the License, or #
++# (at your option) any later version. #
++# #
++# This program is distributed in the hope that it will be useful, #
++# but WITHOUT ANY WARRANTY; without even the implied warranty of #
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
++# GNU General Public License for more details. #
++# #
++# You should have received a copy of the GNU General Public License #
++# along with this program. If not, see <http://www.gnu.org/licenses/>. #
++# #
++#############################################################################*/
++
++int main(int argc, char** argv) {
++ return 0;
++}
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,34 @@
+From 5d326bbb3f564cdb7031d80850bd3fe3c7565233 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 29 Jan 2023 21:18:34 +0000
+Subject: [PATCH 136/304] networkd: Link against systemd
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---
+ Makefile.am | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 64ad94d..74b2fae 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -310,11 +310,15 @@ networkd_CPPFLAGS = \
+ $(AM_CPPFLAGS)
+
+ networkd_CFLAGS = \
+- $(AM_CFLAGS)
++ $(AM_CFLAGS) \
++ $(SYSTEMD_CFLAGS)
+
+ networkd_LDFLAGS = \
+ $(AM_LDFLAGS)
+
++networkd_LDADD = \
++ $(SYSTEMD_LIBS)
++
+ # ------------------------------------------------------------------------------
+
+ util_PROGRAMS = \
+--
+2.39.2
+
new file mode 100644
@@ -0,0 +1,47 @@
+From 26acbb4e03e3a44e6046884eab25f6c7e376c105 Mon Sep 17 00:00:00 2001
+From: Michael Tremer <michael.tremer@ipfire.org>
+Date: Sun, 29 Jan 2023 21:18:53 +0000
+Subject: [PATCH 137/304] networkd: Tell systemd about the daemon status
+
+Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
+---